Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 929

HTTP:CGI:TECHNOTE-PRINT-DSCLSR
HTTP:CGI:W3-MSQL-CGI-OF
HTTP:CGI:W3-MSQL-FILE-DISCLSR
HTTP:CGI:WEBPALS-EXEC
HTTP:CGI:WEBSPEED-WSMADMIN
HTTP:CGI:WEBSPIRS-FILE-DISCLSR
HTTP:CGI:YABB-DIR-TRAVERSAL
HTTP:CHKP:AUTH-FMT-STR
HTTP:CHKP:FW1-FORMAT-STR
HTTP:CHKP:FW1-PROXY
HTTP:CISCO:IOS-ADMIN-ACCESS
Copyright © 2010, Juniper Networks, Inc.
This signature detects directory traversal attempts that
exploit the print.cgi script in TECH-NOTE 2000. Because the
script validates input incorrectly, attackers may remotely
access arbitrary files from the server.
This signature detects attempts to exploit a vulnerability in
W3-msql, a CGI program that acts as a Web interface for
Mini SQL (mSQL). W3-msql version 2.0.11 is vulnerable.
Attackers may remotely send a maliciously crafted scanf
call to overflow the content-length field and execute
arbitrary code with Web server privileges.
This signature detects buffer overflow attempts that exploit
the w3-msql CGI script in mini-SQL. Attackers may execute
arbitrary commands on the server.
This signature detects attempts to exploit a vulnerability in
the WebPALS CGI script. Attackers may remotely execute
arbitrary code with root permissions.
This signature detects attempts to gain administrative
access to the WebSpeed server without normal
authentication.
This signature detects attempts to exploit a vulnerability in
the SilverPlatter WebSPIRS webspirs.cgi file. Attackers may
access arbitrary system files
This signature detects attempts to exploit a vulnerability in
the YaBB.pl CGI script. Attackers may view arbitrary files.
This signature detects attempts to exploit a vulnerability in
some Web servers and Web proxies. Attackers may send
user authentication that includes format strings to crash
some Web servers, creating a denial-of-service (DoS) or
enabling the attackers to take control of the firewall as root.
This signature detects attempts to exploit a vulnerability in
the CheckPoint AI/Smart Defense HTTP proxy engine.
Attackers may send a scheme that includes format strings
to crash the proxy engine, creating a denial-of-service (DoS)
or enabling the attackers to take control of the firewall as
root.
This signature detects attempts to exploit the web proxy
functions of CheckPoint FireWall-1. When the HTTP
CONNECT method, used to build generic Transit Layer
Security over HTTP, is used by default, the firewall web
proxies may be used as open TCP proxies. Attackers may
use an HTTP proxy to connect to a server, then use the
CONNECT method to access other servers and launch further
attacks.
This signature detects attempts to exploit a vulnerability in
Cisco IOS. Attackers may remotely gain full administrative
access to the router.
Appendix E: Log Entries
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
critical sos5.0.0,
sos5.1.0
critical sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
critical sos5.1.0
critical sos5.1.0,
sos5.0.0
medium sos5.0.0,
sos5.1.0
critical sos5.0.0,
sos5.1.0
879