TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 662
Mambo uploadimage.php access vulnerability
Threat Level: Information
Bugtraq: 6572 Nessus: 16315
Signature Description: Mambo is a Content Management System (CMS), the engine behind a website that
simplifies the creation, management, and sharing of content. Mambo Site Server version 4.0.12b and prior
could allow a remote attacker to upload malicious PHP files. A remote attacker could send a
specially-crafted URL request containing a malicious PHP file to the uploadimage.php script. Specifically, the
script only checks whether certain image extensions, such as '.jpg' and '.gif', exist in the file name. As such,
any file whose name includes one of the allowed extensions may be uploaded. Uploaded files are stored in the
'images/stories' directory on the system. An attacker can exploit this vulnerability to upload malicious
applications to the vulnerable system. No remedy available as of July, 2008.
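The weakness described for signature 662, as an added example that is not part of the original guide and is not Mambo's code: a Python model of a check that only looks for an allowed extension somewhere in the file name, next to a stricter check on the final extension. The function names and sample file names are constructed for illustration.

```python
import os

# The two image extensions the description names.
ALLOWED_EXTENSIONS = {".jpg", ".gif"}


def substring_check(filename: str) -> bool:
    """Model of the flawed logic: accept the upload if an allowed
    extension appears anywhere in the file name."""
    lowered = filename.lower()
    return any(ext in lowered for ext in ALLOWED_EXTENSIONS)


def strict_check(filename: str) -> bool:
    """Accept only a bare file name with a single dot and an allowed
    final extension."""
    # Reject path components (either separator style) and NUL bytes.
    if ("\x00" in filename or "\\" in filename
            or filename != os.path.basename(filename)):
        return False
    stem, ext = os.path.splitext(filename.lower())
    if ext not in ALLOWED_EXTENSIONS:
        return False
    # Reject empty stems and double extensions such as "a.php.gif".
    return bool(stem) and "." not in stem


# Constructed sample names, not taken from real traffic.
SAMPLES = ["photo.jpg", "banner.GIF", "page.jpg.php",
           "a.php.gif", "shell.php", "../x.jpg", ".jpg"]


def compare(names):
    """Return {name: (substring_check result, strict_check result)}."""
    return {n: (substring_check(n), strict_check(n)) for n in names}


if __name__ == "__main__":
    for name, (loose, strict) in compare(SAMPLES).items():
        print(f"{name:14} substring={loose!s:5} strict={strict}")
```

A file-name check is one layer only; the upload directory ('images/stories' in the description) should also be served without script execution.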
Signature ID: 665
HTTP Client - Novarg Worm
Threat Level: Warning
Signature Description: The Novarg worm infects systems through email attachments and P2P file sharing. It targets
all Win32 computers. Once a system is infected, the worm installs a backdoor, allowing an attacker remote access to
the system. This signature is triggered when infected systems attempt the DoS attack against the SCO site.
Signature ID: 668
PHPBB2 Image Tag HTML Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0902 Bugtraq: 4858
Signature Description: A cross-site scripting vulnerability is caused by the failure of a site to validate user input before
returning it to the client's web browser. The essence of cross-site scripting is that an intruder causes a legitimate web
server to send a page to a victim's browser that contains malicious script or HTML of the intruder's choosing. The
malicious script runs with the privileges of a legitimate script originating from the legitimate web server. This rule tries
to detect a possible cross-site scripting attempt that uses the img HTML tag. The affected versions of PHPBB are
2.0 RC-4 and prior. The issue is fixed in PHPBB 2.0.1 and later.
Signature ID: 669
XSS to steal cookies vulnerability
Threat Level: Information
Signature Description: The rule tries to detect a possible XSS attempt. The rule is triggered when 1) an attacker
tries to send data (e.g., a malicious script) to the web site so that other users access that data; in this way, the
attacker can steal cookies from the other users. This type of attack is called a "cross-site scripting" (XSS) attack.
2) a user accesses a web site that an attacker has already compromised by inserting a malicious
script.
Signature ID: 671
A possible attempt to crash IE 6 using code <table datasrc=".">
Threat Level: Information
Signature Description: The rule tries to detect a possible attempt to crash IE 6. The rule is triggered when a user
accesses a web site that an attacker has already compromised and the resulting page contains HTML
content like <table datasrc=".">. When IE tries to open such a page, it crashes. This rule also tries to detect a
possible attempt to insert malicious HTML code into a page that is writable from outside, i.e., any feedback or posting
page, etc. The resulting page, which contains that code, crashes IE 6.