Network and Security Manager Administration Guide

HTTP:EXT:JOB
This signature detects an attempt to download a Microsoft Task Scheduler (.job) file. Opening a malicious .job file in Task Scheduler may allow for arbitrary code execution, leading to system compromise. This vulnerability is present in Microsoft Windows 2000 Service Pack 2 and later. It is also present in Microsoft Windows XP Service Pack 1.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:FRONTPAGE:ADMIN.PWD-REQ
This signature detects attempts to access the Microsoft FrontPage Extensions for UNIX .pwd file that contains sensitive account information.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:FRONTPAGE:DOS-NAME-DOS
This signature detects attempts to exploit a known vulnerability in Microsoft FrontPage. Attackers may send a malformed request with an MS-DOS device name to shtml.exe to crash the server.
Severity: medium
Versions: sos5.1.0

HTTP:FRONTPAGE:FOURDOTS
This signature detects attempts to exploit the '/..../' directory traversal vulnerability in Microsoft FrontPage PWS.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:FRONTPAGE:FP30REG.DLL-OF
This signature detects buffer overflow attempts against Microsoft FrontPage extensions in Windows 2000 and XP. Attackers may execute arbitrary code on the target host.
Severity: critical
Versions: sos5.1.0

HTTP:FRONTPAGE:SERVICE.PWD-REQ
This signature detects attempts to access the Microsoft FrontPage extensions for UNIX .pwd file which contains sensitive account information.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:HOSTCTRL:BROWSE-ASP
This signature detects attempts to exploit a vulnerability in the browse.asp script supplied with Hosting Controller, a tool that allows Microsoft Windows network administrators to centralize administrative tasks into one interface. Attackers may send a maliciously crafted URL request for browse.asp to view arbitrary directories and files on hard drives.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:HOTMAIL:EXE-DOWNLOAD
This signature detects attempts by users to download potentially hazardous attachments from MSN Hotmail.
Severity: medium
Versions: sos5.1.0

HTTP:IIS:AD-SERVER-CONFIG
This signature detects attempts to download the site.csc configuration file for Microsoft Ad Server. Attackers may access sensitive information.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:IIS:ASP-CODEBROWSER-EXAIR
This signature detects attempts to exploit the Showcode ASP vulnerability in Microsoft IIS.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:IIS:ASP-DOT-NET-BACKSLASH
This signature detects backslash (\) characters in the URL portion of an HTTP request. Attackers may use a backslash as a directory separator instead of the normal forward slash (/) to bypass the Microsoft IIS ASP.Net authentication capabilities and access protected resources. Note: A poorly configured web server may also display a backslash in a non-malicious URL request.
Severity: medium
Versions: sos5.1.0

HTTP:IIS:BAT-&
This signature detects attempts to execute a command by specifying a .bat or .cmd extension to a Microsoft Windows Web server.
Severity: high
Versions: sos5.0.0, sos5.1.0

Copyright © 2010, Juniper Networks, Inc.