Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 943

HTTP:IIS:COMMAND-EXEC
HTTP:IIS:COMMAND-EXEC-2
HTTP:IIS:DATA-DISCLOSURE
HTTP:IIS:HEADER-HOST-DOS
HTTP:IIS:IIS-NSIISLOG-OF
HTTP:IIS:ISAPI-IDA-OVERFLOW
HTTP:IIS:ISAPI-IDQ-OVERFLOW
HTTP:IIS:ISAPI-PRINTER-OVERFLOW
HTTP:IIS:MALFORMED-HTR-REQUEST
HTTP:IIS:MDAC-RDS
Copyright © 2010, Juniper Networks, Inc.
This signature detects attempts to exploit Microsoft
Windows Web servers. Attackers may send a maliciously
crafted url containing the string "cmd.exe" to execute
commands on the Web server.
This signature detects attempts to exploit a vulnerability in
Microsoft IIS. Attackers may execute arbitrary commands
on the Web server.
This signature detects attempts to obtain the sourcecode
of Active Server Pages served by Microsoft's Internet
Information Server. In IIS, remote attackers can obtain source
code for ASP files by appending "::$DATA" to the URL.
This signature detects denial-of-service (DoS) attempts
against Microsoft IIS. Attackers may pass maliciously
malformed header values to the host to crash the IIS service.
This signature detects buffer overflow attempts against
Microsoft Windows Media Services, included with Microsoft
Windows 2000 Server SP4. Attackers may send a
maliciously crafted HTTP 'POST' request to overflow the
buffer.
This signature detects buffer overflow attempts against
Microsoft ISAPI Indexing Service for IIS. Index Server 2.0 and
Indexing Service 2000 in IIS 6.0 beta and earlier versions are
vulnerable. Attackers may send a long argument to Internet
Data Administration (.ida) and Internet Data Query (.idq)
files to overflow the buffer in the ISAPI extension (idq.dll)
and execute arbitrary commands.
This signature detects buffer overflow attempts against
Microsoft ISAPI Indexing Service for IIS. Index Server 2.0 and
Indexing Service 2000 in IIS 6.0 beta and earlier versions are
vulnerable. Attackers may send a long argument to Internet
Data Administration (.ida) and Internet Data Query (.idq)
files to overflow the buffer in the ISAPI extension (idq.dll)
and execute arbitrary commands.
This signature detects attempts to execute a buffer overflow
in the Microsoft IIS 5.0 .printer ISAPI extension.
This signature detects malformed .htr requests that may
cause a denial-of-service (DoS).
This signature detects attempts to exploit the Microsoft
Data Access Components (MDAC) Remote Data Services
(RDS) component. Attackers may access files and other
services.
Appendix E: Log Entries
medium sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
critical sos5.1.0,
sos5.1.0
critical sos5.1.0
critical sos5.1.0,
sos5.0.0
critical sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
893