NO-OP large quantity of instructions have been detected (JavaScript_NOOP_Sled)

About this signature or vulnerability

Proventia Server IPS for Linux technology, RealSecure Desktop, RealSecure Desktop Protector 3.6, BlackICE PC Protection, BlackICE Agent for Server, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia Network IPS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia Server for VMware:

This signature detects a simple NOOP sled in an 'unescape()' JavaScript function.


False positives

Proventia Server IPS for Linux technology, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia Network IPS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia Server for VMware: A false positive is possible when the patterns matched by this signature are used legitimately. This typically occurs in environments where Unicode is used heavily and is also formatted using 'unescape' functions.

False negatives

Proventia Server IPS for Linux technology, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia Network IPS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia Server for VMware: This signature is easily evadable through clever obfuscation.
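
The check described above, sketched as an added example (not ISS signature code): it pulls string literals out of unescape() calls, decodes the escapes to bytes, and flags a long run of one repeated byte rather than a high count of escapes. The 0x90 (x86 NOP) byte value, the MIN_RUN threshold, the function names and both sample scripts are assumptions made for this example.

```python
import re

# Assumption (not stated on the page): the sled is x86 NOP bytes (0x90)
# written as %u9090 or %90 escapes inside the unescape() string literal.
NOP = 0x90
MIN_RUN = 16  # hypothetical threshold in bytes, chosen for this example

UNESCAPE_CALL = re.compile(r"""unescape\s*\(\s*(["'])(.*?)\1\s*\)""", re.S)
ESCAPE_TOKEN = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def decode_escapes(arg):
    """Decode %uXXXX / %XX tokens to bytes; literal text becomes None."""
    out, pos = [], 0
    for m in ESCAPE_TOKEN.finditer(arg):
        if m.start() != pos:
            out.append(None)  # unescaped characters interrupt any run
        if m.group(1):
            word = int(m.group(1), 16)
            out += [word & 0xFF, word >> 8]  # UTF-16 unit, low byte first (x86)
        else:
            out.append(int(m.group(2), 16))
        pos = m.end()
    if pos != len(arg):
        out.append(None)
    return out


def longest_nop_run(arg):
    """Length in bytes of the longest consecutive run of NOP bytes."""
    best = cur = 0
    for b in decode_escapes(arg):
        cur = cur + 1 if b == NOP else 0
        best = max(best, cur)
    return best


def scan(script):
    """Return (longest_run, flagged) for each unescape() literal in script."""
    runs = [longest_nop_run(m.group(2)) for m in UNESCAPE_CALL.finditer(script)]
    return [(run, run >= MIN_RUN) for run in runs]


# Constructed samples: a bare sled with no payload, and ordinary Unicode text.
SLED_SAMPLE = 'var a = unescape("' + "%u9090" * 32 + '");'
UNICODE_SAMPLE = 'var t = unescape("%u3053%u3093%u306B%u3061%u306F%u4E16%u754C");'

if __name__ == "__main__":
    print(scan(SLED_SAMPLE), scan(UNICODE_SAMPLE))
```

The Unicode sample carries as many %u escapes as a short sled would, which is why a rule that only counts escapes produces the false positives described above. Only string literals passed directly to unescape() are inspected, so the limitation noted under false negatives applies here as well.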

Default risk level

High

Sensors that have this signature

Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop: epc, RealSecure Desktop Protector 3.6: epc, BlackICE PC Protection: 3.6cpc, BlackICE Agent for Server: 3.6epc, RealSecure Server Sensor: XPU 24.32, RealSecure Network: XPU 24.32, Proventia Network IDS: XPU 24.32, Proventia Network IPS: XPU 1.71, Proventia Desktop: 8.0.675.1710, Proventia-G 1.1 and earlier: XPU 24.32, Proventia Network MFS: XPU 1.71, BlackICE Server Protection: 3.6.cpc, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1710, Proventia Server for VMware: 1.0

Systems affected

IBM AIX, WindRiver BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server

Type

Unauthorized Access Attempt

Vulnerability description

A large quantity of NO-OP instructions has been detected. This may indicate an attempt to overflow a buffer by padding the request with a large number of NO-OP instructions. A successful attempt could cause a denial of service or allow arbitrary code to be executed on the system.

How to remove this vulnerability

Verify that all current patches have been applied and the latest software versions have been installed on the system.

References

Internet Security Systems Protection Alert April 11, 2006
Cumulative Security Update for Internet Explorer
http://xforce.iss.net/xforce/alerts/id/220

Internet Security Systems Protection Alert October 3, 2006
Vulnerability in Windows Shell Could Allow Remote Code Execution
http://xforce.iss.net/xforce/alerts/id/238

ISS X-Force
NO-OP large quantity of instructions have been detected
http://www.iss.net/security_center/static/15747.php