BlackICE Server Protection, RealSecure Sentry, BlackICE PC Protection, Proventia Server IPS for Microsoft Windows technology, RealSecure Guard, BlackICE Agent for Server, RealSecure Desktop Protector, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IPS, Proventia Desktop, RealSecure Network, Proventia Server IPS for Linux technology:
This signature detects if an HTTP POST command contains a <script> tag.
Medium
BlackICE Server Protection: 3.6.cbd, RealSecure Sentry: 3.6, BlackICE PC Protection: 3.6.cbd, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, RealSecure Guard: 3.6, BlackICE Agent for Server: 3.6, RealSecure Desktop Protector: 3.6, RealSecure Server Sensor: 7.0, Proventia-G 1.1 and earlier: G Series, Proventia Network MFS: 1.0, Proventia Network IPS: 2.0, Proventia Desktop: 8.0.614.1, RealSecure Network: 7.0, Proventia Server IPS for Linux technology: 1.0
Various vendors Any application, Various vendors HTTP
Suspicious Activity
A remote attacker may be attempting to execute arbitrary code on the Web server by sending a specially-crafted POST command containing malicious script. The script could be written in Java or some other scripting language.
Ensure that your personal firewall, operating system, and programs are up-to-date in order to minimize the threat of a system compromise.
ISS X-Force
HTTP POST contains malicious script
http://www.iss.net/security_center/static/8539.php