Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 929

Appendix E: Log Entries

| Signature | Description | Severity | Versions |
|---|---|---|---|
| HTTP:SPYWARE:GATOR | This signature detects the use of Gator, a spyware application. | info | sos5.1.0 |
| HTTP:SPYWARE:NEW-DOT-NET | This signature detects the use of New.net, a spyware application. | info | sos5.1.0 |
| HTTP:SQL:INJECTION:CMD-CHAIN-1 | This signature detects a SQL command sequence in a URL. Because SQL commands are not normally used in HTTP connections, this may indicate a SQL injection attack. However, it may also be a false positive. | medium | sos5.1.0 |
| HTTP:SQL:INJECTION:CMD-CHAIN-2 | This signature detects a long SQL command sequence in a URL. Because SQL commands are not normally used in HTTP connections, this may indicate a SQL injection attack. | high | sos5.1.0 |
| HTTP:SQL:INJECTION:CMD-IN-URL | This signature detects SQL commands within a URL. Because SQL commands are not normally used in HTTP connections, this may indicate a SQL injection attack. However, it may be a false positive. | low | sos5.1.0 |
| HTTP:SQL:INJECTION:FACTO-CMS | This signature detects attempts to exploit a vulnerability in the FactoSystem Content Management System (CMS). Attackers may introduce instructions into a SQL query to create a non-authorized CMS account. | medium | sos5.0.0, sos5.1.0 |
| HTTP:SQL:INJECTION:GENERIC | This signature detects specific characters, typically used in SQL, within an HTTP connection. Because these characters are not normally used in HTTP, this may indicate a SQL injection attack. However, it may be a false positive. Some attempts at Cross Site Scripting attacks will also trigger this signature. | info | sos5.1.0 |
| HTTP:SQL:INJECTION:POSTNUKE | This signature detects directory traversal attempts against the modules.php script included with PostNuke. PostNuke versions 0.723 and earlier are vulnerable. Attackers may send a maliciously crafted request to the modules.php to traverse the directory structure and execute SQL queries to the PostNuke database. | medium | sos5.0.0, sos5.1.0 |
| HTTP:SQL:INJECTION:WS2000 | This signature detects SQL injection attempts against a WebStore2000 server. Attackers may inject SQL code into the Item_ID parameter of a maliciously crafted request, enabling them to execute arbitrary SQL commands on the WebStore2000 server. | medium | sos5.1.0, sos5.1.0 |
| HTTP:STC:ACROBAT-EXT-OF | This signature detects buffer overflow attempts against Adobe Acrobat Reader. A malicious HTTP server may host an Adobe Acrobat file with an overly long extension; when a client opens this file in Adobe Acrobat Reader, the file triggers a buffer overflow, enabling the server to execute arbitrary code on the client. | high | sos5.1.0 |
| HTTP:STC:ACROBAT-UUEXEC | This signature detects a maliciously crafted PDF file downloaded via HTTP. Attackers may insert certain shell metacharacters at the beginning of a uuencoded PDF file to force Adobe Acrobat to execute arbitrary commands upon loading the file. | high | sos5.1.0 |

Copyright © 2010, Juniper Networks, Inc.