Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual page 957

Appendix E: Log Entries

| Signature | Description | Severity | Versions |
|---|---|---|---|
| HTTP:TUNNEL:CHAT-YIM | This signature detects Yahoo Instant Messenger Proxy over HTTP. Users may use proxy connections over the HTTP port to circumvent firewall policies. | info | sos5.1.0 |
| HTTP:TUNNEL:HTTPTUNNEL-URL | This signature detects traffic from the HTTPTunnel utility. HTTPTunnel masquerades a network session in HTTP traffic. | low | sos5.1.0 |
| HTTP:TUNNEL:KAZAA-OVER-HTTP | This signature detects attempts to connect to a Kazaa server over HTTP. Kazaa is a common Peer to Peer file sharing system. Users may be attempting to download files. | info | sos5.1.0 |
| HTTP:TUNNEL:SSH | This signature detects SSH over HTTP. Attackers may send SSH over the HTTP port to circumvent firewall policies. | info | sos5.1.0 |
| HTTP:TUNNEL:TELNET | This signature detects Telnet over HTTP. Attackers may send Telnet over the HTTP port to circumvent firewall policies. | info | sos5.1.0 |
| HTTP:WASD:CONF-ACCESS | This signature detects attempts to exploit a vulnerability in the WASD HTTP Server for OpenVMS. Default installations of 1.0 and earlier are vulnerable. Attackers may download the configuration file for the server and obtain information on the ACL and internal directory structure. | medium | sos5.0.0, sos5.1.0 |
| HTTP:WASD:DIR-TRAV | This signature detects directory traversal attempts against WASD HTTP Server for OpenVMS. WASD version 1.0 and earlier are vulnerable. Attackers may navigate to any directory on the server. | medium | sos5.0.0, sos5.1.0 |
| HTTP:WEBLOGIC:URL-REVEAL-SRC | This signature detects attempts to exploit a vulnerability in Bea Weblogic. Version V6.1 Service Pack 2 on Windows 2000 Server is vulnerable. Attackers may append the string "%00x" to a URL request to read the contents of a .jsp file. | medium | sos5.0.0, sos5.1.0 |
| HTTP:WEBLOGIC:WEBROOT | This signature detects attempts to exploit a vulnerability in Bea Weblogic. Version V6.1 Service Pack 2 on Windows 2000 Server is vulnerable. Attackers may append the string "%00.jsp" to a normal .html request, causing a compiler error that prints the path to the physical web root. | medium | sos5.0.0, sos5.1.0 |
| HTTP:WEBPLUS:DIR-TRAVERSAL | This signature detects attempts to exploit the input validation vulnerability in the main CGI in TalentSoft Web+, an e-commerce storefront provider. Attackers may pass a script variable that specifies a filepath to the webpsvr daemon, and gain access to any file on the system that the UID of the Web server has access to. | medium | sos5.0.0, sos5.1.0 |
| HTTP:WEBSPHERE:VER-DOS | This signature detects denial-of-service (DoS) attempts against the caching proxy in IBM WebSphere Edge Server. Version 2.0 is vulnerable. Attackers may send a maliciously crafted HTTP GET request that does not have a proper version identifier to crash the proxy service and render the proxy unusable. | medium | sos5.1.0 |

Copyright © 2010, Juniper Networks, Inc.