NetProwler 3.5.1 SU19 introduces a total of nine (9) new signatures. New signatures include the detection of a NetTerm Buffer Overflow, a Cisco Denial of Service (DoS), a Microsoft Internet Information Service (IIS) ISAPI DoS, a Microsoft IIS Buffer Overflow, and the exploitation of vulnerabilities that exist in four separate cgi scripts. You may obtain NetProwler 3.5.1 SU 19 through the product's auto update feature.
- FTP_NetTerm_BO
This signature detects the attempt to exploit a vulnerability in NetTerm that allows visitors to execute commands with the permissions of the NetTerm FTP daemon, due to a lack of checks on user input. The result of this potentially unauthorized execution of commands is access to sensitive information, and the ability to perform any privileged operation on the server.
http://online.securityfocus.com/bid/819
- HTTP_CGI_EZShopper_CmdExecution
This signature detects the attempt to exploit a vulnerability in EZShopper that allows visitors to execute commands with the permissions of the EZShopper script owner, due to a lack of checks on user input. The result of this potentially unauthorized execution of commands is access to sensitive information, and the ability to perform any privileged operation on the server.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0187
- HTTP_CGI_EZShopper_FileRead
This signature detects the attempt to exploit a vulnerability in EZShopper which allows visitors to read protected files on the server hosting the EZShopper script, due to a lack of checks on user input. The result of this potentially unauthorized file reading activity is access to sensitive information.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0187
- HTTP_CGI_QuikStore_Request
This signature detects the attempt to exploit a vulnerability that allows visitors to read the configuration file on the server hosting the QuikStore script, due to an incorrect configuration. The result of this potentially unauthorized file reading activity is access to sensitive information.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0607
- HTTP_CGI_SoftCart_FileRequest
This signature detects the attempt to exploit a vulnerability that allows visitors to read SoftCart order log files on the server hosting the SoftCart script, due to an incorrect configuration. The result of this potentially unauthorized execution of commands is access to sensitive information, and the ability to perform any privileged operation on the server.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0609
- HTTP_CGI_SGI_Webdist_Request
This signature detects the attempt to exploit a vulnerability in webdist.cgi that allows visitors to execute commands with the permissions of the http daemon, due to a lack of checks on user input. The result of this potentially unauthorized execution of commands is access to sensitive information, and the ability to perform any privileged operation on the server.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0039
- HTTP_Cisco_IOS_DoS
This signature detects the attempt to exploit a vulnerability that allows attackers to deny routing services by overflowing a buffer on the Cisco router operating system. The result of this attack is loss of access to network nodes and services provided via the router.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0380
- HTTP_MS_IIS_ISAPI_Filter_DoS
This signature detects the attempt to exploit a vulnerability that allows attackers to deny Internet Information Service (IIS) web services by overflowing an ISAPI filter buffer. The result of this attack is loss of access to the web site(s) and services hosted by the IIS server.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0072
- HTTP_MS_IIS_RAD_BO
This signature detects the attempt to exploit a vulnerability that allows visitors to execute commands with the permissions of the system administrator, due to a lack of checks on user input. The result of this potentially unauthorized execution of commands is access to sensitive information, and the ability to perform any privileged operation on the server.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341
Last modified on: Monday, 16-Sep-02 17:06:51
|
