Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 921

HTTP:MISC:NOOP-SLIDE-HEAD-OF
HTTP:MISC:NOOP-SLIDE-REQ-OF
HTTP:MISC:SHAMBALA-DOS1
HTTP:MISC:VISNETIC-DOS
HTTP:MISC:WR850-WEBSHELL
HTTP:NETSCAPE:ENTERPRISE-DOS
HTTP:NOVELL:NETWARE-CONVERT.BAS
HTTP:OREILLY:WIN-C-SMPLE-OVFLOW
HTTP:OVERFLOW:ACCEPT
HTTP:OVERFLOW:ACCEPT-ENCODING
HTTP:OVERFLOW:ACCEPT-LANGUAGE
HTTP:OVERFLOW:ATP-HTTPD-OF
HTTP:OVERFLOW:AUTHORIZATION
Copyright © 2010, Juniper Networks, Inc.
This signature detects buffer overflow attempts against
Web servers on Intel x86 platforms. Attackers may use the
"No-Op Slide" attack to pad the stack with "No Operation"
x86 CPU instructions and overwrite the return address.
This signature detects buffer overflow attempts against
Web servers on Intel x86 platforms. Attackers may use the
"No-Op Slide" attack to pad the stack with "No Operation"
x86 CPU instructions and overwrite the return address.
This signature detects denial-of-service (DoS) attempts
against Evolvable Shambala Server, an FTP, Web, and Chat
server. Version 4.5 is vulnerable. Attackers may send a
maliciously crafted request to the Web server to cause a
DoS.
This signature detects attempts to exploit a vulnerability in
VisNetic WebSite. Versions 3.5.13.1 and earlier are vulnerable.
Attackers may send a malicious OPTIONS request to crash
the server.
This signature detects attempts to access a debug mode
web shell supplied with the Motorola WR850 Wireless
Router. Attackers may use this access exploit in conjunction
with an authentication bypass exploit to gain full control
over the router.
This signature detects denial-of-service (DoS) attempts
that exploit the Web Publishing REVLOG command in
Netscape Enterprise Server 3.x.
This signature detects directory traversal attempts on Novell
NetWare Web Server 2.x. The convert.bas CGI script allows
file retrieval outside of normal Web server context. Attackers
may submit the filename and path as a parameter to the
script using relative paths (../../) to traverse directories.
This signature detects buffer overflow attempts that exploit
the win-c-sample.exe sample script vulnerability in O'Reilly
Website Pro 2.0 Web server. The script is placed in the
/cgi-shl directory off of the Web root by default.
DI has detected a suspiciously long Accept header.
DI has detected a suspiciously long Accept-Encoding header.
DI has detected a suspiciously long Accept-Language header.
This signature detects buffer overflow attempts against
ATPhttp versions 0.4b and earlier. Attackers may send an
overly long GET request to the Web server daemon to
overflow the buffer.
This protocol anomaly is an HTTP authorization header that
exceeds the user-defined maximum. The default length is
128.
Appendix E: Log Entries
critical sos5.0.0,
sos5.1.0
critical sos5.1.0
medium sos5.1.0
medium sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
critical sos5.1.0
medium sos5.1.0
871