MediumRealSecure Desktop, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Guard, RealSecure Sentry, RealSecure Server Sensor, BlackICE Agent for Server, RealSecure Network:
This signature detects if an HTTP POST command contains a <script> tag.
Medium
RealSecure Desktop: baseline, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: A Series, Proventia Network MFS: 1.0, RealSecure Desktop Protector 3.6: baseline, Proventia Server IPS for Linux technology: 1.0, Proventia Desktop: 8.0.614.1, Proventia Network IPS: 2.0, BlackICE Server Protection: 3.6.cbd, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE PC Protection: 3.6.cbd, RealSecure Guard: 3.6, RealSecure Sentry: 3.6, RealSecure Server Sensor: 7.0, BlackICE Agent for Server: 3.6, RealSecure Desktop Protector: 3.6, RealSecure Network: 7.0
Various vendors Any application, IETF HTTP/1.1
Suspicious Activity
A remote attacker may be attempting to execute arbitrary code on the Web server by sending a specially-crafted POST command containing malicious script. The script could be written in Java or some other scripting language.
Ensure that your personal firewall, operating system, and programs are up-to-date in order to minimize the threat of a system compromise.
ISS X-Force
HTTP POST contains malicious script
http://www.iss.net/security_center/static/8539.php