Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 935

HTTP:IIS:WEBDAV:MALFORMED-REQ1
HTTP:IIS:WEBDAV:MALFORMED-REQ2
HTTP:IIS:WEBDAV:SEARCH-OF
HTTP:IIS:WEBDAV:XML-HANDLER-DOS
HTTP:INFO:HTTPPOST-GETSTYLE
HTTP:INFO-LEAK:GOAHEAD-PERM
HTTP:INFO-LEAK:HTACCESS
HTTP:INFO-LEAK:HTPASSWD-REQUEST
HTTP:INFO-LEAK:VIGNETTE-DIAG
HTTP:INFO-LEAK:VIGNETTE-LEAK
Copyright © 2010, Juniper Networks, Inc.
This signature detects denial-of-service (DoS) attempts
against Microsoft IIS 5.0 servers with WebDAV extensions
enabled. Attackers may send a maliciously crafted WebDAV
SEARCH request in an HTTP request to DoS the Web server.
This signature detects denial-of-service (DoS) attempts
against Microsoft IIS 5.0 servers with WebDAV extensions
enabled. Attackers may send a maliciously crafted WebDAV
SEARCH request in an HTTP request to DoS the Web server.
This signature detects buffer overflow attempts against
Microsoft IIS WebDAV. Attackers may send a maliciously
crafted WebDAV URL request that contains 65535 or 65536
bytes to the Web server to execute arbitrary code as the
system account.
This signature detects denial-of-service (DoS) attempts
against the WebDAV XML Message Handler in Microsoft IIS.
Attackers may send a malicious HTTP request to a WebDAV
enabled IIS server to cause it to consume all system
resources. A machine reboot is required to resume service.
This signature detects HTTP POST requests with GET
parameters. POST requests should not have parameters on
the same line as the request method. This may indicate a
poorly-written Web application or HTTP tunneling.
"This signature detects attempts to bypass directory
permissions set on the /cgi-bin directory of a GoAhead web
server. GoAhead WebServer versions 2.1.8 and earlier are
vulnerable. Attackers may supply an invalid URL to the server
to reveal the contents of certain private directories on the
server.
This signature detects probes for the .htaccess file, used by
the Apache Web server for configuration directives. Attackers
may be attempting to gain access to the Web server.
This signature detects attempts to access the .htpasswd
file on a Web server.
This signature detects attempts to access the diagnostic
utility supplied with the Vignette Application server. Because
the utility does not use access controls, attackers (or any
client) may connect to the utility and access sensitive
configuration information.
"This signature detects attempts to exploit a vulnerability
in Vignette Story Server. Vignette Story Server versions 4.1
and 6 are vulnerable. Attackers may expose information
about user sessions, server side code, and other sensitive
information.
Appendix E: Log Entries
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
critical sos5.1.0
medium sos5.1.0
info sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
low sos5.0.0,
sos5.1.0
885