Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
919293949596979899100
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
99
Signature ID: 673
A possible attempt to crash IE 6 using code <acronym><dd><h5>
Threat Level: Information
Signature Description: The rule tries to detect a possible attempt to crash IE 6. The rule is triggered when a user is
accessing a web site, which has already been compromised by some attacker and the resulting page contains html
contents (pages) like <acronym><dd><h5><applet></caption></applet><li></h1>. When IE tries to open such a page,
it crashes. This rule also tries to detect a possible attempt to insert a malicious html code in a page which is writable
from outside .i.e any feedback or posting etc. The resulting page, which contains that code crashes IE 6.
Signature ID: 675
A possible attempt to SQL injection (1)
Threat Level: Information
Signature Description: SQL injection is a type of security exploit in which the attacker adds Structured Query
Language(SQL) code to a Web form input box to gain access to resources or make changes to data. This rule is
triggered when an attacker is accessing the inside web site to insert some malicious characters (for example, by filling
"feedback") to trigger SQL injection attack.
Signature ID: 676
A possible attempt to SQL injection (2)
Threat Level: Information
Signature Description: SQL injection is a type of security exploit in which the attacker adds Structured Query
Language(SQL) code to a Web form input box to gain access to resources or make changes to data. The rule tries to
detect a possible attempt to SQL injection. The rule is triggered when an attacker is accessing the web site to insert
some malicious characters to trigger SQL injection attack.
Signature ID: 703
W3C Jigsaw Device Name Path Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2002-1052 Bugtraq: 5251,5258 Nessus: 11047
Signature Description: Jigsaw is a Web server produced by World Wide Web Consortium(W3C) that is designed for
the purpose of show new web protocols and other features. It is written in Java programming language. Jigsaw(Jigsaw
version 2.2.1) is a denial of service vulnerability. This rule triggers when an attacker sending a HTTP request to the
'/servlet/con' device above 30 times, an attacker can use this vulnerability to crash the DOS device. This issue is fixed
in jigsaw 2.2.1 Build 200207 or later version. Upgrade the 2.2.1 Build 20020711 or later version, available at vendor's
web site.
Signature ID: 705
PhpBB Viewtopic.PHP SQL Injection Vulnerability
Threat Level: Information
Industry ID: CVE-2003-0486
Bugtraq: 7979 Nessus: 11767
Signature Description: PhpBB is a open-source bulletin board application. It is a popular Internet forum package
written in the PHP programming language. PhpBB(PhpBB version 2.0.5 and earlier) is a SQL injection vulnerability.
This rule will triggers when an attacker sending specially-crafted SQL statements to the viewtopic.php script using the
topic_id variable, an attacker can use this vulnerability to steal password hashes and gain unauthorized access to the
account. This issue is fixed in latest version of PHPBB. Update the latest version of PHPBB, available at vendor's
website.