Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 944

Network and Security Manager Administration Guide
HTTP:PKG:ALLAIRE-JRUN-DOS
HTTP:PKG:DB4WEB-FILE-ACCESS-LIN
HTTP:PKG:EWAVE-SERVLET-DOS
HTTP:PKG:MOUNTAIN-ORDR-DSCLSR
HTTP:PKG:WEBGAIS-REMOTE-EXEC
HTTP:PROXY:DOUBLE-AT-AT
HTTP:REQERR:HEADER-INJECT
HTTP:REQERR:REQ-INVALID-FORMAT
HTTP:REQERR:REQ-LONG-UTF8CODE
HTTP:REQERR:REQ-MALFORMED-URL
HTTP:SAVANT:GET-DOT1
HTTP:SPYWARE:DOWNLOAD-ACCEL
894
This signature detects an attempt to launch a
denial-of-service (DoS) in Allaire JRun 3.0/3.1. Attackers
may send a long string of '.' characters after the /servlet/
prefix in the URL to cause the server to interpret the URL as
a very large tree of nonexistent directories and to consume
system resources.
This signature detects attempts to exploit a vulnerability in
DB4Web (R) Application Server for Windows. Attackers may
use a Web browser to download arbitrary files to the target
host and obtain system information such as passwords.
This signature detects denial-of-service (DoS) attempts
against the eWave Servlet JSP. Attackers may remotely send
URL requests to cause the Servlet engine to terminate
abruptly.
This signature detects attempts to exploit a vulnerability in
Mountain Network Systems Webcart software. Attackers
may remotely execute arbitrary commands on the server.
This signature detects attempt to exploit the websendmail
script in WebGais. Attackers may execute arbitrary
commands on the Web server.
This signature detects URLs that contain multiple @
characters. Squid/2.3.STABLE5 is vulnerable. Internet
Explorer users may use these malicious URLs to evade web
proxies and gain direct access to the internet.
This signature detects attempts to exploit an input validation
vulnerability in HTTP. Attackers may use encoded CR/LF
(carriage return/line feed) characters in an HTTP response
header to split HTTP responses into multiple parts, enabling
them to misrepresent web content to the recipient.
This protocol anomaly is an invalid HTTP request format,
such as a request that begins before a previous one ends.
This protocol anomaly is an HTTP request with an
exceedingly long UTF8 codes. This may be an attempt to
overflow a portion of the Web server, or that a script is being
made available to the Web server.
This protocol anomaly is a malformed URL, such as a
Unicode encoded field with non-hex digits or an encoded
NULL byte.
This signature detects denial-of-service (DoS) attempts
against the Savant HTTP server. Savant HTTP server 3.0
and earlier versions are vulnerable. Attackers may send a
maliciously crafted HTTP GET request to the Web server to
crash the server and create a DoS.
This signature detects the use of Download Accelerator, a
spyware application.
high sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
info sos5.1.0
Copyright © 2010, Juniper Networks, Inc.