Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 938

Network and Security Manager Administration Guide
HTTP:CGI:DCFORUM-AZ-EXEC
HTTP:CGI:FORMMAIL-ENV-VAR
HTTP:CGI:HASSAN-DIR-TRAVERSAL
HTTP:CGI:HTDIG-INCLUSION
HTTP:CGI:HYPERSEEK-DIR-TRAVERSL
HTTP:CGI:IKONBOARD-BADCOOKIE
HTTP:CGI:INFO2WWW-EXEC
HTTP:CGI:INFOSRCH-REMOTE-EXEC
HTTP:CGI:LIBCGI-RFP-OVERWRITE
HTTP:CGI:MOREOVER-CACHE-FEED
HTTP:CGI:TECHNOTE-MAIN-DCLSR
888
This signature detects shell attempts to exploit the
dcforum.cgi script in DCScripts DC Forum (all versions),
which is used to manage web-based discussion boards.
Attackers may use maliciously crafted URL requests with
the pipe and newline characters to execute arbitrary scripts
on the Web server.
This signature detects access to the FormMail CGI program.
Attackers may use this program to remotely execute
commands.
This signature detects attempts to exploit a vulnerability in
the Hassan shopping cart script shop.cgi. Attackers may
access arbitrary system files.
This signature detects attempts to exploit a vulnerability in
ht://dig, a Web content search engine for UNIX. Because
ht://dig improperly validates form input, attackers may pass
a maliciously crafted variable to the htsearch CGI script to
read files accessible to the program user.
This signature detects attempts to exploit a vulnerability in
hsx.cgi, which ships as part of iWeb Hyperseek 2000.
Attackers may view arbitrary files and directories.
This signature detects attempts to exploit a vulnerability in
IkonBoard, a popular Web-based discussion board. Attackers
may send a maliciously crafted cookie that contains illegal
characters to IkonBoard to execute arbitrary code with
IkonBoard privileges (typically user level).
This signature detects attempts to exploit a vulnerability in
the info2www CGI script. Attackers may execute arbitrary
binaries on the Web server.
This signature detects attempts to exploit a vulnerability in
the infosrch.cgi script. Attackers may execute commands
on the Web server.
This signature detects attempts to exploit a vulnerability in
LIB CGI. Attackers may inject maliciously crafted C code into
LIB CGI applications to overwrite the Frame Pointer and
execute arbitrary code on the host.
This signature detects attempts to exploit a vulnerability in
the cached_feed.cgi script provided by moreover.com.
Attackers may view arbitrary system files that are readable
by the HTTPd process.
This signature detects directory traversal attempts that
exploit the main.cgi script in TECH-NOTE 2000. Because
the script validates input incorrectly, attackers may remotely
access arbitrary files from the server.
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
Copyright © 2010, Juniper Networks, Inc.