NetProwler 3.5.1 Security Update 2

August 8, 2001

NetProwler 3.5.1 Security Update 2

Description

NetProwler 3.5 SU2 introduces signatures that detect malicious embedded e-mail content, and a variety of attacks against web servers. This update contains 16 new signatures, and does not include update 1. You may obtain NetProwler 3.5.1 SU2 through the product's auto update feature.

Security Update 2 Signatures

CFMLSyntaxCheck_CGI

The sample file, CFMLSyntaxCheck.cfm, can be used in a DOS attack and may allow unauthorized access to your web server.

CodeBrws_CGI

SiteServer sample, codebrws.asp, allows remote users to view any file on the file system.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0736

EMail_Embedded_Access_Object

Embedded Access object references in HTML e-mail may allow unauthorized system access.

EMail_Embedded_Excel_Object

Excel objects scripted in HTML e-mail allow unauthorized access to the file system.

EMail_Embedded_JavaScript

Embedded JavaScript in HTML e-mail may allow unauthorized system access.

EMail_Embedded_PowerPoint_Object

PowerPoint objects scripted in HTML e-mail allow unauthorized access to the file system.

EMail_Embedded_Script

Embedded scripts in HTML e-mail may allow unauthorized system access.

EMail_Embedded_VBScript

Embedded Visual Basic scripts in HTML e-mail may allow unauthorized system access.

Evaluate_CGI

The sample file, evaluate.cfm, may allow users unauthorized access to your web server.

ExprCalc_CGI

ColdFusion Exprcalc.cfm can be used to read, write, and delete files.

FileExists_CGI

The sample file, fileexists.cfm, allows users to detect the existence of files on your web server.

Javascript_GetObject

This signature detects the GetObject exploit for Internet Explorer 5.x, Outlook and Outlook Express '97, '98, and 2000

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0149

MainFrameSet_CGI

The sample file, MainFrameSet.cfm, may allow users to bypass host-based authnetication.

NOOP_String

This signature detects strings of NOOP (no operation) characters as commonly found in exploit attempts to compromise system access.

NTFS_DATA_Suffix

Some web servers fail to recognize file extensions on URLs ending with ::$DATA. With NTFS, this allows users to download potentially sensitive content (such as .asp files) that would normally be processed by the server.

RDS_Shell

This signature detects attempts to execute shell commands remotely through the RDS interface in Microsofts IIS.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1011

SourceWindow_CGI

ColdFusion SourceWindow.cfm can allow users to read, write, and delete files.

ViewCode_CGI

The sample file, ViewCode.asp, may allow users to view sensitive server-side scripts.

WebHits_CGI

A bug in webhits.ull included in Microsoft's IIS server allows read access to files outside the web root.

Last modified on: Thursday, 27-Sep-01 21:00:15