Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 930

Network and Security Manager Administration Guide
| Attack object | Description | Severity | Versions |
|---|---|---|---|
| HTTP:CISCO:VOIP:PORT-INFO-DOS | This signature detects attempts to exploit a vulnerability in Cisco VoIP phones. Versions CP-7910 and later are vulnerable. Attackers may send an arbitrarily long (120000+) StreamID to the PortInformation script to cause an error message that displays a memory dump. Attackers may use this information to reconstruct the calling patterns of a particular phone. | medium | sos5.0.0, sos5.1.0 |
| HTTP:CISCO:VOIP:STREAM-ID-DOS | This signature detects denial-of-service (DoS) attempts against Cisco VoIP phones. Versions CP-7910 and later are vulnerable. Attackers may send an arbitrarily long (120000+) StreamID to the StreamingStatistics script to cause the phone to reset, creating a DoS for 30 seconds (or until the phone reboots). | medium | sos5.0.0, sos5.1.0 |
| HTTP:COLDFUSION:EXPRCALC-OPNFIL | This signature detects attempts to exploit a vulnerability in the ColdFusion ExprCalc.cfm script. Attackers may delete files from a Web server. | medium | sos5.0.0, sos5.1.0 |
| HTTP:COLDFUSION:HEADER-LOG-OF | This signature detects attempts to exploit a vulnerability in the JRun component of Macromedia ColdFusion web server. Attackers may send overly long HTTP headers to overflow the logging function, enabling an attacker to crash or take control of the web server. | high | sos5.1.0 |
| HTTP:COLDFUSION:JRUN-SC-PARSE | This signature detects attempts to exploit a vulnerability in the JRun component of Macromedia ColdFusion web server. Attackers may pass a semicolon character to JRun to expose the script source code and other sensitive files. | low | sos5.0.0, sos5.1.0 |
| HTTP:DIR:CRYSTAL-REPORTS | This signature detects attempts to exploit a vulnerability in Microsoft Crystal Reports. Users of Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, or Microsoft Business Solutions Customer Relationship Management (CRM) 1.2 are affected. Attackers may send a malformed URL to the server to read or write to any file on the server. | high | sos5.1.0 |
| HTTP:DIR:DEEP-PARAM-TRAVERSE | This signature detects directory traversal attempts within HTTP GET or POST form parameters that extend three or more directories. Attackers may exploit a poorly-written CGI program to access or modify private files. | medium | sos5.1.0 |
| HTTP:DIR:PARAM-TRAVERSE | This signature detects directory traversal attempts within HTTP GET or POST form parameters. Attackers may exploit a poorly-written CGI program to access or modify private files. | low | sos5.1.0 |
| HTTP:DIR:TRAVERSE-DIRECTORY | This protocol anomaly is an HTTP directory traversal attempt, i.e. /../ or /./. This may indicate an attempt to evade an IDS (DI is not vulnerable). Note that some Websites refer to directories in a way that looks like a traversal. | medium | sos5.0.0, sos5.1.0 |
| HTTP:EXPLOIT:AMBIG-CONTENT-LEN | This protocol anomaly is an HTTP request that has a Content-Length and Transfer-Encoding header. RFC-2616#4.4 specifies that only one of these two headers should be used in an HTTP request. | low | sos5.0.0, sos5.1.0 |

880
Copyright © 2010, Juniper Networks, Inc.
