Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 930

Network and Security Manager Administration Guide
HTTP:STC:EICAR-DOWNLOAD
HTTP:STC:EXCEL-CELL-OF
HTTP:STC:IE:CONT-LOC-ZON-BYPASS
HTTP:STC:IE:EXEC-CMD-FILE-SPOOF
HTTP:STC:WINAMP:CDDA-OF
HTTP:STC:WINAMP:CDDA-OF2
HTTP:TOMCAT:JSP-AS-HTML
HTTP:TOMCAT:SERVLET-DEVICE-DOS
HTTP:TUNNEL:ALTNET-OVER-HTTP
HTTP:TUNNEL:CHAT-AOL-IM
HTTP:TUNNEL:CHAT-MSN-IM
880
This signature detects the EICAR antivirus test file
downloaded via HTTP.
This signature detects a maliciously crafted Microsoft Excel
file downloaded via HTTP. Attackers may supply an Excel
document that contains an overly long Cell Length field to
overflow the buffer and execute arbitrary code on the client.
This signature detects attempts to circumvent a security
zone feature that warns when executable files are
downloaded. WindowsXP Service Pack 2 and Internet
Explorer 6 are vulnerable. Attackers may trick a user into
downloading a file that the user did not know was
executable. Similarly, viruses and worms may use this
method to download themselves onto target computers.
This signature detects attempts to exploit a vulnerability in
the way that Internet Explorer handles the Javascript
execCommand function. Attackers may trick a user into
saving a file that the user thinks is HTML, but is actually an
executable file.
This signature detects the download of a maliciously crafted
WinAmp playlist file. Using WinAmp to open this file may
execute arbitrary code.
This signature detects the download of a maliciously crafted
WinAmp playlist file. Using WinAmp to open this file may
execute arbitrary code.
This signature detects attempts to exploit a vulnerability in
Apache Tomcat. Apache Tomcat 3.3.1 and earlier are
vulnerable. Attackers may send a maliciously crafted URL
to cause the server to parse a .jsp file as HTML code and
display the JSP code, allowing attackers to retrieve normally
inaccessible files.
This signature detects denial-of-service (DoS) attempts
against Apache Group Tomcat Server. Attackers may request
a device name from the /examples/servlet directory to
render the server inaccessible. This signature also detects
attempts to run neuter.c and similar exploits.
This signature detects attempts to connect to a Altnet server
over HTTP. Altnet is a component of Kazaa, a common Peer
to Peer file sharing system. Users may be attempting to
download files.
This signature detects AOL Instant Messenger Proxy over
HTTP. Users may use proxy connections over the HTTP port
to circumvent firewall policies.
This signature detects MSN Instant Messenger over HTTP.
Users may use proxy connections over the HTTP port to
circumvent firewall policies.
info sos5.1.0
high sos5.1.0
medium sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
medium sos5.1.0
medium sos5.0.0,
sos5.1.0
info sos5.1.0
info sos5.1.0
info sos5.1.0
Copyright © 2010, Juniper Networks, Inc.