ISS RealSecure Network Sensor Policy
[ issPolicy v1.01 | http://packet.sequenced.org/projects/isspolicy ]



POLICY INFORMATION

   Policy File: policies/AttackDetector.policy
   Policy Name: Attack Detector
   Policy Version: 7.0.2003.59
   Sensor Type: RealSecure Network Sensor (v7.0)


SIGNATURES POLICY

Response Summary Legend: DISPLAY | LOGDB | EMAIL | SNMP | RSKILL | OPSEC | LOGEVIDENCE | VIEWSESSION

Signature Name	Signature Description	Signature Status	Signature Priority	Response Summary	Log
AIX_Pdnsd_Overflow	AIX pdnsd buffer overflow	Enabled	HIGH		LogWithoutRaw
AOLIM_AddExternalApp_Overflow	AOL Instant Messenger AddExternalApp Overflow	Enabled	HIGH		LogWithoutRaw
AOLIM_GameRequest_Overflow	AOL Instant Messenger game request overflow	Enabled	HIGH		LogWithoutRaw
Allaire_JRun_JSP_Execute	Allaire JRun JSP execution	Enabled	HIGH		LogWithoutRaw
Allaire_JRun_SSIFilter	Allaire JRun SSIFilter servlet	Enabled	HIGH		LogWithoutRaw
AolAdmin_Response	AolAdmin Backdoor	Enabled	HIGH		LogWithoutRaw
Asylum_Response	Asylum Backdoor	Enabled	HIGH		LogWithoutRaw
Avaya_Cajun_Default_SNMP	Avaya SNMP agent back door community string	Enabled	HIGH		LogWithoutRaw
BOOTP_Remote_Overflow	BOOTP File Overflow	Enabled	HIGH		LogWithoutRaw
BackConstruction_Response	BackConstruction backdoor	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Auth_Request	Back Orifice 2000 ping	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Auth_Response	Back Orifice 2000 auth	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Request	Back Orifice 2000 command	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Response	Back Orifice 2000 response	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Auth_Request	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Auth_Response	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Request	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Response	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice_Ping	Back Orifice ping	Enabled	HIGH		LogWithoutRaw
BackOrifice_Request	Back Orifice scan	Enabled	HIGH		LogWithoutRaw
BackOrifice_Response	Back Orifice response	Enabled	HIGH		LogWithoutRaw
Backdoor2_Response	Backdoor2 Backdoor	Enabled	HIGH		LogWithoutRaw
BigGluck_Response	BigGluck Backdoor	Enabled	HIGH		LogWithoutRaw
BioNet_Response	Bionet trojan horse activity	Enabled	HIGH		LogWithoutRaw
Blazer5_Response	Blazer5 Backdoor	Enabled	HIGH		LogWithoutRaw
Boink	Boink DoS	Enabled	HIGH		LogWithoutRaw
Bonk	Bonk DoS	Enabled	HIGH		LogWithoutRaw
Bugs_Response	Bugs Backdoor	Enabled	HIGH		LogWithoutRaw
Cerebus_Scanner	Cerebus Scan	Enabled	HIGH		LogWithoutRaw
Chupacabra_Request	Chupacabra Backdoor	Enabled	HIGH		LogWithoutRaw
Cisco_Cable_Docsis_SNMP_Community	Cisco IOS cable-docsis hidden SNMP community string	Enabled	HIGH		LogWithoutRaw
Cisco_ILMI_SNMP_Community	Cisco IOS "ILMI" hidden SNMP community string	Enabled	HIGH		LogWithoutRaw
Coma_Response	Coma Backdoor	Enabled	HIGH		LogWithoutRaw
ConnectionBackdoor_Response	Connection Backdoor	Enabled	HIGH		LogWithoutRaw
CrazzyNet_Response	CrazzyNet Backdoor	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_HTTP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_ICMP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_RPC	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_Radius	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_SMTP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_TFTP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
DHCP_Domain_Metachar	DHCP Domain Metachar	Enabled	HIGH		LogWithoutRaw
DHCP_Minires_Format_Overflow	DHCP Minires library format string overflow	Enabled	HIGH		LogWithoutRaw
DNS_Address_Length	DNS Internet not 4 bytes	Enabled	HIGH		LogWithoutRaw
DNS_Antisniff_Overflow	AntiSniff DNS exploit	Enabled	HIGH		LogWithoutRaw
DNS_Bind_SIG_Overflow	DNS BIND SIG response buffer overflow	Enabled	HIGH		LogWithoutRaw
DNS_Crack_Success	DNS crack successful	Enabled	HIGH		LogWithoutRaw
DNS_Generic_Intel_Overflow	DNS Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
DNS_Hostname_Overflow	DNS name overflow	Enabled	HIGH		LogWithoutRaw
DNS_Hostname_Overflow_Verylong	DNS name overflow very long	Enabled	HIGH		LogWithoutRaw
DNS_IQuery_bo	DNS I-Query exploit	Enabled	HIGH		LogWithoutRaw
DNS_NXT_Overflow	DNS NXT record overflow	Enabled	HIGH		LogWithoutRaw
DNS_TSIG_Overflow	DNS TSIG name overflow	Enabled	HIGH		LogWithoutRaw
DNS_VirusScanTrojan	DNS VirusScanTrojan	Enabled	HIGH		LogWithoutRaw
DeepThroat_Response	DeepThroat Backdoor	Enabled	HIGH		LogWithoutRaw
DeltaSource_Response	DeltaSource Backdoor	Enabled	HIGH		LogWithoutRaw
Devil_Request	Devil Backdoor	Enabled	HIGH		LogWithoutRaw
Doly_Response	Doly Backdoor	Enabled	HIGH		LogWithoutRaw
DonaldDick_Response	Donald Dick Backdoor	Enabled	HIGH		LogWithoutRaw
Dtspcd_Overflow	Dtspcd Overflow	Enabled	HIGH		LogWithoutRaw
EMail_Generic_Intel_Overflow	EMAIL Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
Email_Amavis_Exec	AMaViS EMail Command Execute	Enabled	HIGH		LogWithoutRaw
Email_BioNet	BioNet backdoor email alert	Enabled	HIGH		LogWithoutRaw
Email_Debug	E-mail debug attack	Enabled	HIGH		LogWithoutRaw
Email_Decode	SMTP mail to decode alias	Enabled	HIGH		LogWithoutRaw
Email_Expn_Overflow	SMTP Expn Overflow	Enabled	HIGH		LogWithoutRaw
Email_From_Overflow	E-Mail FROM: field overflow	Enabled	HIGH		LogWithoutRaw
Email_Helo_Overflow	SMTP login name overflow	Enabled	HIGH		LogWithoutRaw
Email_Listserv_Overflow	SMTP Listserv Overflow	Enabled	HIGH		LogWithoutRaw
Email_Lotus_Domino	Lotus_Domino_SMTP_Overflow	Enabled	HIGH		LogWithoutRaw
Email_Mime_Filename_Overflow	E-Mail MIME file name overflow	Enabled	HIGH		LogWithoutRaw
Email_Mime_Name_Overflow	E-Mail MIME name overflow	Enabled	HIGH		LogWithoutRaw
Email_Outlook_Date_Overflow	E-Mail Outlook Date overflow	Enabled	HIGH		LogWithoutRaw
Email_Pipe	SMTP pipe in mail address	Enabled	HIGH		LogWithoutRaw
Email_Rcpt_TooManyQuotes	Netscape Directory Server buffer overflow	Enabled	HIGH		LogWithoutRaw
Email_Rpmmail_Alias	SMTP mail to rpmmail alias	Enabled	HIGH		LogWithoutRaw
Email_SubSeven	SubSeven backdoor email alert	Enabled	HIGH		LogWithoutRaw
Email_UUDecode_Alias	SMTP mail to uudecode alias	Enabled	HIGH		LogWithoutRaw
Email_Virus_Iloveyou	ILOVEYOU worm	Enabled	HIGH		LogWithoutRaw
Email_Virus_Melissa	Melissa virus	Enabled	HIGH		LogWithoutRaw
Email_Virus_Papa	Papa virus	Enabled	HIGH		LogWithoutRaw
Email_Virus_exploreZip	ExploreZip worm	Enabled	HIGH		LogWithoutRaw
Email_Virus_investigator	Keystrokes monitored	Enabled	HIGH		LogWithoutRaw
Email_Vrfy_Overflow	Decode SMTP Vrfy Overflow attacks	Enabled	HIGH		LogWithoutRaw
Email_WIZ	E-mail WIZ attack	Enabled	HIGH		LogWithoutRaw
Email_Y3K	Y3K backdoor email alert	Enabled	HIGH		LogWithoutRaw
EventHorizon_Request	EventHorizon Backdoor	Enabled	HIGH		LogWithoutRaw
EvilFTP_Response	EvilFTP trojan horse activity	Enabled	HIGH		LogWithoutRaw
FTP_AIX_Overflow	FTP AIX Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Args_Overflow	FTP command line overflow	Enabled	HIGH		LogWithoutRaw
FTP_Command_Overflow	FTP command too long	Enabled	HIGH		LogWithoutRaw
FTP_Cwd_Overflow	FTP CWD directory overflow	Enabled	HIGH		LogWithoutRaw
FTP_Cwd_Root	FTP CWD ~root command	Enabled	HIGH		LogWithoutRaw
FTP_Cybercop_Scan	Cybercop FTP scan	Enabled	HIGH		LogWithoutRaw
FTP_Delete_Very_Long	FTP DELE command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Filename_Overflow	FTP file name overflow	Enabled	HIGH		LogWithoutRaw
FTP_Format_String	FTP Site Exec Format Attack	Enabled	HIGH		LogWithoutRaw
FTP_Generic_Intel_Overflow	FTP Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Glob_Expansion	FTP Glob Expansion Characters	Enabled	HIGH		LogWithoutRaw
FTP_Glob_Implementation	FTP Glob Expansion Characters	Enabled	HIGH		LogWithoutRaw
FTP_Glob_TildeBrace_Vulns	FTP server vulnerable to args with ~ and {	Enabled	HIGH		LogWithoutRaw
FTP_Help_Overflow	FTP HELP Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Invalid_Port_Cmd	FTP invalid PORT command	Enabled	HIGH		LogWithoutRaw
FTP_List_dotdot	FTP server traversal using LIST and dotdot	Enabled	HIGH		LogWithoutRaw
FTP_Login_Overflow	FTP USER name overflow	Enabled	HIGH		LogWithoutRaw
FTP_Mdtm_Very_Long	FTP MDTM command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Mkd_Overflow	FTP MKD directory overflow	Enabled	HIGH		LogWithoutRaw
FTP_Mlst_Very_Long	FTP MLST command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Dele_Overflow	FTP NetTerm Dele Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Dir_Overflow	FTP NetTerm Dir Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Ls_Overflow	FTP NetTerm Ls Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Mkd_Overflow	FTP NetTerm Mkd Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Pass_Overflow	FTP NetTerm Pass Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Rmdir_Overflow	FTP NetTerm Rmdir Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Passive_Very_Long	FTP PASV command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Password_Overflow	FTP password overflow	Enabled	HIGH		LogWithoutRaw
FTP_Pipe	FTP pipe in filename	Enabled	HIGH		LogWithoutRaw
FTP_Port_Very_Long	FTP PORT command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_ProFTPD	ProFTPD snprintf exploit	Enabled	HIGH		LogWithoutRaw
FTP_Restart_Very_Long	FTP REST command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Retr_Very_Long	FTP RETR command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Rmd_Very_Long	FTP RMD command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Rnfr_Very_Long	FTP RNFR command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Rnto_Very_Long	FTP RNTO command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Site_Chown_Overflow	FTP Site Chown Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Site_Cpwd	FTP Site Cpwd overflow attack	Enabled	HIGH		LogWithoutRaw
FTP_Site_Exec	FTP SITE EXEC exploit	Enabled	HIGH		LogWithoutRaw
FTP_Site_Exec_DotDot	FTP site exec .. attack	Enabled	HIGH		LogWithoutRaw
FTP_Site_Exec_Tar	FTP Site Exec Tar	Enabled	HIGH		LogWithoutRaw
FTP_Size_Very_Long	FTP SIZE command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Stat_Very_Long	FTP STAT command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Stor_Very_Long	FTP STOR command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Tar_Exec	FTP compress exec exploit	Enabled	HIGH		LogWithoutRaw
FTP_Unix_Password_File	FTP passwd file	Enabled	HIGH		LogWithoutRaw
FTP_Windows_PWL_File	FTP pwl file type	Enabled	HIGH		LogWithoutRaw
FW1_Auth_As_Local	FireWall-1 misconfiguration allows manipulation of filter modules	Enabled	HIGH		LogWithoutRaw
Finger_Command	Finger command	Enabled	HIGH		LogWithoutRaw
Finger_Generic_Intel_Overflow	Finger Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
Finger_Overflow	Finger overflow	Enabled	HIGH		LogWithoutRaw
ForcedEntry_Response	ForcedEntry Backdoor	Enabled	HIGH		LogWithoutRaw
Fore_Response	Fore Backdoor	Enabled	HIGH		LogWithoutRaw
Freak88_Response	Freak88 Backdoor	Enabled	HIGH		LogWithoutRaw
Frenzy_Response	Frenzy Backdoor	Enabled	HIGH		LogWithoutRaw
GateCrasher_Response	GateCrasher trojan horse activity	Enabled	HIGH		LogWithoutRaw
Gauntlet_CyberDaemon_Overflow	Gauntlet CyberDaemon proxy buffer overflow	Enabled	HIGH		LogWithoutRaw
Gauntlet_ICMP_DoS	ICMP Protocol Problem packet with encapsulated IP header with options	Enabled	HIGH		LogWithoutRaw
GayOL_Request	GayOL Backdoor	Enabled	HIGH		LogWithoutRaw
GirlFriend_Response	GirlFriend trojan horse activity	Enabled	HIGH		LogWithoutRaw
Glacier_Request	Glacier Backdoor	Enabled	HIGH		LogWithoutRaw
Glacier_Response	Glacier Backdoor	Enabled	HIGH		LogWithoutRaw
Gnutella_Worm	Gnutella Worm	Enabled	HIGH		LogWithoutRaw
HPUX_RLPD_Overflow	HPUX RLPD buffer overflow	Enabled	HIGH		LogWithoutRaw
HP_OpenView_NNM_Overflow	HP OpenView Network Node Manager buffer overflow	Enabled	HIGH		LogWithoutRaw
HP_OpenView_SNMP_Backdoor	HP OpenView SNMP agent back door community string	Enabled	HIGH		LogWithoutRaw
HTTP_$DATA_Source_Disclosed	IIS source code disclosure	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_EasySetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_FilteringSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_FirmwareSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_ModemSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_RFSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SNMPSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SecuritySetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SpecialFunctions	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SystemSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_ACCEPT_Overflow	HTTP ACCEPT: field overflow	Enabled	HIGH		LogWithoutRaw
HTTP_ASP_Stateserver_Overflow	HTTP ASP Stateserver Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Advancestack_BypassAuth	HP Advancestack bypass authentication	Enabled	HIGH		LogWithoutRaw
HTTP_AnswerBook2_Admin	Solaris AnswerBook2 administrator access	Enabled	HIGH		LogWithoutRaw
HTTP_AnswerBook2_DocServer	Solaris AnswerBook2 arbitrary command execution	Enabled	HIGH		LogWithoutRaw
HTTP_AnswerBook2_Execute	Solaris AnswerBook2 arbitrary command execution	Enabled	HIGH		LogWithoutRaw
HTTP_Answerbook_AddAdmin	Sun AnswerBook2 AddAdmin Scripts	Enabled	HIGH		LogWithoutRaw
HTTP_Answerbook_Format_String	Sun AnswerBook2 format string	Enabled	HIGH		LogWithoutRaw
HTTP_AnyForm	CGI AnyForm2	Enabled	HIGH		LogWithoutRaw
HTTP_AnyForm_Post	CGI AnyForm Post	Enabled	HIGH		LogWithoutRaw
HTTP_Apache_Chunked_BO	HTTP Apache Chunked BO	Enabled	HIGH		LogWithoutRaw
HTTP_Apache_PHP	Apache PHP.EXE file execution	Enabled	HIGH		LogWithoutRaw
HTTP_Auctionweaver	Auction Weaver CGI exploit	Enabled	HIGH		LogWithoutRaw
HTTP_AuthFilter_ISAPI_Overflow	HTTP AuthFilter ISAPI Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Auth_TooLong	HTTP Authentication overflow	Enabled	HIGH		LogWithoutRaw
HTTP_BAT_Execute	bat URL type	Enabled	HIGH		LogWithoutRaw
HTTP_BBN_survey	BNBSurvey survey.cgi	Enabled	HIGH		LogWithoutRaw
HTTP_BioNet_ICQ_Pager	Detect BioNet backdoor ICQ page alert	Enabled	HIGH		LogWithoutRaw
HTTP_Bugbear_Backdoor	Bugbear worm HTTP backdoor traffic	Enabled	HIGH		LogWithoutRaw
HTTP_CGI_Fastgraf	HTTP Fastgraf CGI	Enabled	HIGH		LogWithoutRaw
HTTP_CGI_Guestbook_Meta	CGI guestbook.pl	Enabled	HIGH		LogWithoutRaw
HTTP_CMD_Execute	cmd URL type	Enabled	HIGH		LogWithoutRaw
HTTP_Calender_Admin	Calendar CGI exploit	Enabled	HIGH		LogWithoutRaw
HTTP_Campas	CGI campas	Enabled	HIGH		LogWithoutRaw
HTTP_Carello	HTTP Carello File Duplication	Enabled	HIGH		LogWithoutRaw
HTTP_Cart32_ChangeAdminPassword	Cart32 ChangeAdminPassword URL	Enabled	HIGH		LogWithoutRaw
HTTP_Cart32_ClientList	HTTP Cart32 Client List	Enabled	HIGH		LogWithoutRaw
HTTP_Cdomain	HTTP Cdomain cgi-bin attack	Enabled	HIGH		LogWithoutRaw
HTTP_CheckLoginPhp	phpSecurePages arbitrary code execution	Enabled	HIGH		LogWithoutRaw
HTTP_Cisco_Aironet_Webconfig	Cisco Aironet configiguration	Enabled	HIGH		LogWithoutRaw
HTTP_Cisco_Catalyst_Exec	Cisco Catalyst 2900/3500 XL remote execution	Enabled	HIGH		LogWithoutRaw
HTTP_Cisco_IOS_Admin_Access	Cisco IOS athentication bypassed	Enabled	HIGH		LogWithoutRaw
HTTP_CobaltRAQ_OverflowCGI	Cobalt RaQ with SHP allows arbitrary command execution.	Enabled	HIGH		LogWithoutRaw
HTTP_Code_Red	Code Red I	Enabled	HIGH		LogWithoutRaw
HTTP_Code_Red_II	Code Red II	Enabled	HIGH		LogWithoutRaw
HTTP_Code_Red_II_Plus	Code Red II+	Enabled	HIGH		LogWithoutRaw
HTTP_ColdFusion_Expr_Evaluator	Cold Fusion Sample URL	Enabled	HIGH		LogWithoutRaw
HTTP_ColdFusion_WebPublish_ExampleApp	HTTP ColdFusion WebPublishing Example App	Enabled	HIGH		LogWithoutRaw
HTTP_Compaq_Insight_Cpqlogin_Overflow	Malformed login requests can cause execeptions in Compaq Insight.	Enabled	HIGH		LogWithoutRaw
HTTP_Count	HTTP count Cgi-Bin Exploit Check	Enabled	HIGH		LogWithoutRaw
HTTP_Csvform_Execute	CSVForm CGI script arbitrary command execution	Enabled	HIGH		LogWithoutRaw
HTTP_DCForum_Admin_Access	DCForum allows administrative access	Enabled	HIGH		LogWithoutRaw
HTTP_DCForum_File_Upload	DCForum file upload	Enabled	HIGH		LogWithoutRaw
HTTP_DCShop_info	DCShop Txt Information	Enabled	HIGH		LogWithoutRaw
HTTP_Dansie_Backdoor	Dansie Shopping Cart allows remote command execution	Enabled	HIGH		LogWithoutRaw
HTTP_Dir_Manager_exe	Directory Manager edit_image.php Execution	Enabled	HIGH		LogWithoutRaw
HTTP_DotDot	HTTP URL directory traversal/climbing	Enabled	HIGH		LogWithoutRaw
HTTP_EZShopper_Loadpage	EZShopper loadpage.cgi could be used to execute arbitrary commands	Enabled	HIGH		LogWithoutRaw
HTTP_EZShopper_Search	EZShopper search.cgi could be used to execute arbitrary commands	Enabled	HIGH		LogWithoutRaw
HTTP_Eva_Forms_Bo	Eva Forms Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Favorites_Icon_Overflow	favicon.ico bad format	Enabled	HIGH		LogWithoutRaw
HTTP_FaxSurvey	CGI faxsurvey	Enabled	HIGH		LogWithoutRaw
HTTP_FileTypeLnk	.lnk URL type	Enabled	HIGH		LogWithoutRaw
HTTP_FileTypeUrl	.url URL type	Enabled	HIGH		LogWithoutRaw
HTTP_FormMail	CGI formmail	Enabled	HIGH		LogWithoutRaw
HTTP_Frontpage_Extensions_RAD_Overflow	Frontpage fp30reg.dll Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_GET_ComputeSum	HTTP GET contains Compute Sum	Enabled	HIGH		LogWithoutRaw
HTTP_GET_CreateTable	HTTP GET contains Create Table	Enabled	HIGH		LogWithoutRaw
HTTP_GET_DotDot_Data	HTTP CGI data contains ../../../..	Enabled	HIGH		LogWithoutRaw
HTTP_GET_Filename_pwl	HTTP GET pwl file type.	Enabled	HIGH		LogWithoutRaw
HTTP_GET_GroupBy	HTTP GET contains Group By	Enabled	HIGH		LogWithoutRaw
HTTP_GET_Very_Long	HTTP GET data overflow	Enabled	HIGH		LogWithoutRaw
HTTP_GET_XP_Cmdshell	HTTP GET contains xp_cmdshell	Enabled	HIGH		LogWithoutRaw
HTTP_GETargscript	HTTP GET data contains script	Enabled	HIGH		LogWithoutRaw
HTTP_Generic_Intel_Overflow	HTTP Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_GetAccess_login	GetAccess Login Execution	Enabled	HIGH		LogWithoutRaw
HTTP_Glimpse	CGI glimpse	Enabled	HIGH		LogWithoutRaw
HTTP_Guestbook	HTTP Guestbook vulnerable CGI script	Enabled	HIGH		LogWithoutRaw
HTTP_HTMLScript	HTTP access to HTMLScript CGI to read files	Enabled	HIGH		LogWithoutRaw
HTTP_HackATack_ICQ_Pager	Detect Hack-a-tack backdoor ICQ page alert	Enabled	HIGH		LogWithoutRaw
HTTP_Hassan_Execute	Hassan Shopping Cart arbitrary command exec	Enabled	HIGH		LogWithoutRaw
HTTP_Htimage_Exe	FrontPage htimage.exe URL	Enabled	HIGH		LogWithoutRaw
HTTP_IE_HTML_Embed_Overflow	HTML Embed directive buffer overflow in IE	Enabled	HIGH		LogWithoutRaw
HTTP_IISHTR_Overflow	IIS HTR Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_ASP_Chunked_Overflow	HTTP IIS Chunked Encoding	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_CmdAsp	IIS CmdAsp allows privlaged execution	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_Csimple	IIS ASP data transfer heap overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_HTR_Chunked_Overflow	HTTP IIS HTR Chunked Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_ISAPI_Printer_Overflow	IIS .printer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_IndexSearch	IIS Index Search buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_Index_Server_Overflow	ISAPI index extension overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_MSSQL_XML_Script	Microsoft SQL Server SQLXML ISAPI script injection	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_MSSQL_xml	Microsoft SQL Server SQLXML ISAPI buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_Trailing_Slash	HTTP IIS .asp with trailing slash	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_Unicode_Encoding	Unicode Encoding detected in URL	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_dumpvariables	IIS ASP HTTP header parsing buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_htr_isapi	IIS ASP HTR ISAPI Overflows	Enabled	HIGH		LogWithoutRaw
HTTP_IIS_ssi	IIS SSI safety check buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Imagemap_Exe	CGI imagemap.exe	Enabled	HIGH		LogWithoutRaw
HTTP_IndexServer_Source_Disclosure	Index Server null.htw exploit	Enabled	HIGH		LogWithoutRaw
HTTP_Info2WWW	CGI info2www	Enabled	HIGH		LogWithoutRaw
HTTP_InterScan_VirusWall_Overflow	VirusWall DLL buffer overflow attack	Enabled	HIGH		LogWithoutRaw
HTTP_InterscanViruswall_RegGo	Viruswall RegGo.dll buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_InterscanViruswall_Smtpscan	Viruswall smtpscan.dll buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_JJ_Overflow	CGI jj exploit	Enabled	HIGH		LogWithoutRaw
HTTP_JRun_Double_Slash	JRun Double fowardslash Authentication Bypass	Enabled	HIGH		LogWithoutRaw
HTTP_JRun_IIS_Overflow	Macromedia JRun and ColdFusion long URL overflow	Enabled	HIGH		LogWithoutRaw
HTTP_JRun_ISAPI_Host	JRun ISAPI.DLL Host overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Java_Webadmin_BBS	Java Admin Servlet backdoor URL	Enabled	HIGH		LogWithoutRaw
HTTP_LastlinesCgi_CmdExecute	Lastlines.cgi arbitrary command execution	Enabled	HIGH		LogWithoutRaw
HTTP_Listrec_Execute	Listrec.pl Execution	Enabled	HIGH		LogWithoutRaw
HTTP_Listserv_Waexe	Listserv CGI exploit	Enabled	HIGH		LogWithoutRaw
HTTP_MDAC_Access	IIS data service query	Enabled	HIGH		LogWithoutRaw
HTTP_MDAC_RDS_Overflow	MDAC RDS Overflow	Enabled	HIGH		LogWithoutRaw
HTTP_MSCS_ProfileSvc_Overflow	HTTP MS Commerce Server Profile Service API buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_MSRadio_Overflow	Internet Explorer msradio buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Mailsite_Wconsole	Rockliffe CGI exploit	Enabled	HIGH		LogWithoutRaw
HTTP_Mambo_Phpsessid	Mambo Site Server administrator privileges	Enabled	HIGH		LogWithoutRaw
HTTP_Netscape_URI_Overflow	Netscape Enterprise Server denial of service	Enabled	HIGH		LogWithoutRaw
HTTP_Nimda_Worm	HTTP Nimda	Enabled	HIGH		LogWithoutRaw
HTTP_Novell_Convert	HTTP Novell convert cgi-bin attack	Enabled	HIGH		LogWithoutRaw
HTTP_OWC_Installer_Overflow	HTTP MS Commerce Server OWC pkg installer buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_OracleAdmin_help_overflow	Oracle Admin help overflow	Enabled	HIGH		LogWithoutRaw
HTTP_OracleApp_soap	Oracle Application Server soap Config	Enabled	HIGH		LogWithoutRaw
HTTP_Oracle_Appserver_Overflow	OracleAppserver buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Oracle_Appserver_rwcgi60	Oracle Application Server Demo sendmail jsp	Enabled	HIGH		LogWithoutRaw
HTTP_Oracle_Batchfile	Oracle batch file URL	Enabled	HIGH		LogWithoutRaw
HTTP_PDGSoft_Changepw	PDGSoft Shopping Cart buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_PHF_CommandExec	CGI phf	Enabled	HIGH		LogWithoutRaw
HTTP_PHPMyAdmin_EvalExecute	phpMyAdmin arbitrary command execution	Enabled	HIGH		LogWithoutRaw
HTTP_PHPMyAdmin_SqlPhp	phpPgAdmin arbitrary code execution	Enabled	HIGH		LogWithoutRaw
HTTP_PHPMyAdmin_Sql_Include	MyAdmin sql.php Include Files	Enabled	HIGH		LogWithoutRaw
HTTP_PHPNuke_Admin_Access	PHP-Nuke URL configuration allows administrator access to the program	Enabled	HIGH		LogWithoutRaw
HTTP_PHPNuke_Index_File	PHP Nuke index.php HTTP Files	Enabled	HIGH		LogWithoutRaw
HTTP_PHPNuke_Prefix_Admin	PHPNuke administrative database access	Enabled	HIGH		LogWithoutRaw
HTTP_PHP_Includedir	Php #includedir code execution	Enabled	HIGH		LogWithoutRaw
HTTP_PHP_LoadPrefs	SquirrelMail arbitrary code execution	Enabled	HIGH		LogWithoutRaw
HTTP_PHP_Memchr_BO	HTTP PHP buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_PHP_Overflow	HTTP PHP buffer overflow attack	Enabled	HIGH		LogWithoutRaw
HTTP_POST_ComputeSum	HTTP POST contains Compute Sum	Enabled	HIGH		LogWithoutRaw
HTTP_POST_CreateTable	HTTP POST contains Create Table	Enabled	HIGH		LogWithoutRaw
HTTP_POST_Filename_passwd	HTTP POST passwd file	Enabled	HIGH		LogWithoutRaw
HTTP_POST_GroupBy	HTTP POST contains Group By	Enabled	HIGH		LogWithoutRaw
HTTP_POST_PeopleSoft_Traversal	HTTP POST PeopleSoft Directory Traversal	Enabled	HIGH		LogWithoutRaw
HTTP_Passwd_Txt	passwd.txt URL	Enabled	HIGH		LogWithoutRaw
HTTP_Pfdispaly_Execute	HTTP Pfdisplay Execute	Enabled	HIGH		LogWithoutRaw
HTTP_PlanetIntra_Overflow	Planet Intra buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Polycom_Reveal_Password	HTTP Polycom password disclosed	Enabled	HIGH		LogWithoutRaw
HTTP_PostQueryCgi	Post-query buffer overflow	Enabled	HIGH		LogWithoutRaw
HTTP_Post_Filename_pwl	HTTP POST pwl file type	Enabled	HIGH		LogWithoutRaw
HTTP_RpcNLog	HTTP access of vulnerable Nlog CGI script	Enabled	HIGH		LogWithoutRaw
HTTP_SCO_View_Source	CGI view-source	Enabled	HIGH		LogWithoutRaw
HTTP_SGI_Handler	CGI handler	Enabled	HIGH		LogWithoutRaw
HTTP_SGI_Infosrch	InfoSearch CGI exploit	Enabled	HIGH		LogWithoutRaw
HTTP_SGI_Webdist	HTTP SGI Webdist cgi-bin attack	Enabled	HIGH</