TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
manipulation vulnerability. The Watchfire AppScan ActiveX control could allow a remote attacker to overwrite arbitrary files on the system. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability using the insecure CompactSave() or SaveSession() methods to create and overwrite arbitrary files on the system. No remedy is available as of August 2, 2008; users can set the kill bit for CLSID E302E486-D748-475C-84F3-4F7ED6F78EC5 to resolve this issue. This signature detects attacks using CLSID and method.

Signature ID: 35633
Watchfire AppScan ActiveX Control CompactSave method Arbitrary File Overwrite Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2015 Bugtraq: 28940
Signature Description: AppScan is an application testing tool that performs security scans on Web applications and Web Services applications. It can also test server-side functions and vulnerabilities by interacting with the application in a client capacity. It supports applications containing Flash and/or JavaScript and can parse these components to navigate the application properly. Watchfire AppScan version 7.0 is vulnerable to a file manipulation vulnerability. The Watchfire AppScan ActiveX control could allow a remote attacker to overwrite arbitrary files on the system. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability using the insecure CompactSave() or SaveSession() methods to create and overwrite arbitrary files on the system. No remedy is available as of August 2, 2008; users can set the kill bit for CLSID E302E486-D748-475C-84F3-4F7ED6F78EC5 to resolve this issue. This signature detects attacks using CLSID and %uHHHH encoding.

Signature ID: 35634
Watchfire AppScan ActiveX Control saveRecordedExploreToFile method Arbitrary File Overwrite Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-2015 Bugtraq: 28940
Signature Description: AppScan is an application testing tool that performs security scans on Web applications and Web Services applications. It can also test server-side functions and vulnerabilities by interacting with the application in a client capacity. It supports applications containing Flash and/or JavaScript and can parse these components to navigate the application properly. Watchfire AppScan version 7.0 is vulnerable to a file manipulation vulnerability. The Watchfire AppScan ActiveX control could allow a remote attacker to overwrite arbitrary files on the system. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability using the insecure saveRecordedExploreToFile() method to create and overwrite arbitrary files on the system. No remedy is available as of August 2, 2008; users can set the kill bit for CLSID AA9730F1-70F6-43DC-94FC-000000000004 to resolve this issue.

Signature ID: 35635
Watchfire AppScan ActiveX Control saveRecordedExploreToFile method Arbitrary File Overwrite Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2015 Bugtraq: 28940
Signature Description: AppScan is an application testing tool that performs security scans on Web applications and Web Services applications. It can also test server-side functions and vulnerabilities by interacting with the application in a client capacity. It supports applications containing Flash and/or JavaScript and can parse these components to navigate the application properly. Watchfire AppScan version 7.0 is vulnerable to a file manipulation vulnerability. The Watchfire AppScan ActiveX control could allow a remote attacker to overwrite arbitrary files on the system. By persuading a victim to visit a malicious Web site that contains %u-encoded shellcode data, a remote attacker could exploit this vulnerability using the insecure saveRecordedExploreToFile() method to create and overwrite arbitrary files on the system. No remedy is available as of August 2, 2008; users can set the kill bit for CLSID AA9730F1-70F6-43DC-94FC-000000000004 to resolve this issue.
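
The kill-bit workaround named in the entries above, shown as an added example that is not part of the original guide: it builds a .reg file that sets the kill bit for both CLSIDs and audits `reg export` text to confirm the bit is present. The function names and the sample export are constructed for illustration; the registry key and the 0x400 flag value are the standard Internet Explorer kill-bit mechanism.

```python
import re

# CLSIDs taken from the signature entries above.
APPSCAN_CLSIDS = [
    "E302E486-D748-475C-84F3-4F7ED6F78EC5",
    "AA9730F1-70F6-43DC-94FC-000000000004",
]
KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating the control
# Native-view key. 32-bit IE on 64-bit Windows reads the same path under
# SOFTWARE\Wow6432Node, which this example does not cover.
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
              r"\Internet Explorer\ActiveX Compatibility")

def killbit_reg(clsids):
    """Build .reg text setting the kill bit. Importing it overwrites any
    existing Compatibility Flags value rather than OR-ing into it."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for c in clsids:
        lines += [f"[{COMPAT_KEY}\\{{{c.upper()}}}]",
                  f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\r\n".join(lines)

def audit_export(reg_text, clsids):
    """Map each CLSID to True if `reg export` text (already decoded from
    UTF-16) shows the kill bit set, False if it is clear or the key is absent."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\\\{([0-9A-Fa-f-]{36})\}\]", line)
        if key:
            in_compat = key.group(1).lower() == COMPAT_KEY.lower()
            current = key.group(2).upper() if in_compat else None
        elif line.startswith("["):
            current = None  # some other key: stop attributing values
        else:
            val = re.fullmatch(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{8})', line)
            if val and current:
                flags[current] = int(val.group(1), 16)
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}

# Constructed sample export: first control blocked, second one not.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{COMPAT_KEY}\\{{E302E486-D748-475C-84F3-4F7ED6F78EC5}}]",
    '"Compatibility Flags"=dword:00000400', "",
    f"[{COMPAT_KEY}\\{{AA9730F1-70F6-43DC-94FC-000000000004}}]",
    '"Compatibility Flags"=dword:00000000', "",
])
```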