Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 948

Network and Security Manager Administration Guide
HTTP:WIN-CMD:WIN-CMD-EXE
HTTP:WIN-CMD:WIN-RGUEST
HTTP:WIN-CMD:WIN-WGUEST
HTTP:XSS:HDR-REFERRER
HTTP:XSS:HTML-SCRIPT-IN-URL-PRM
HTTP:XSS:HTML-SCRIPT-IN-URL-PTH
HTTP:XSS:URL-IMG-XSS
IMAP:FAILURE:BRUTE-FORCE
IMAP:IPSWITCH:DELE-OF
IMAP:OVERFLOW:COMMAND
898
This signature detects the Windows command 'cmd.exe'
within a URL. This command does not normally appear in a
URL, and may indicate an attempt to compromise the
system.
This signature detects the Windows command 'rguest.exe'
within a URL. This command does not normally appear in a
URL, and may indicate an attempt to compromise the
system.
This signature detects the Windows command 'wguest.exe'
within a URL. This command does not normally appear in a
URL, and may indicate an attempt to compromise the
system.
This signature detects attempts to exploit a cross-site
scripting vulnerability. Attackers may embed malicious HTML
tags within the HTTP Referrer header; because some web
servers and server-side applications parse this data
incorrectly, attackers can successfully execute a cross-site
scripting attack.
This signature detects attempts at cross site scripting
attacks. Attackers may create a malicious Web site that
includes HTML embedded in the hyperlinks, which might
violate site security settings. Attackers may then view the
Web cookies from your computer; Web cookies typically
contain sensitive information such as usernames, passwords,
credit card numbers, social security numbers, bank accounts,
etc.
This signature detects cross site scripting attacks. Attackers
may create a malicious Web site that includes HTML
embedded in the hyperlinks, which might violate site security
settings. Attackers may then view the Web cookies from a
target computer. Web cookies typically contain sensitive
information such as usernames, passwords, credit card
numbers, social security numbers, and bank account
numbers.
This signature detects HTML <img> tags in URLs that include
Javascript. Because <img> tags should never be present in
URLs, the presence of Javascript in such a URL is a clear
indication of a Cross-Side Scripting (XSS) attack. XSS
attacks are typically Web browser-independent.
This protocol anomaly is multiple login failures within a short
period of time between a unique pair of hosts.
This signature detects buffer overflow attempts against
IPSwitch IMAP server. Attackers may send an overly long
delete command (DELE) to overflow the buffer and take
complete control of the server.
This protocol anomaly is an IMAP command that is too long.
This may indicate a buffer overflow attempt.
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
low sos5.0.0,
sos5.1.0
medium sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.0.0,
sos5.1.0
Copyright © 2010, Juniper Networks, Inc.