項目 |
|
攻撃 |
リモート |
攻撃ポート |
80 |
対象OS |
Windows |
CVE |
|
MS |
|
PAM |
|
NO-OP large quantity of instructions have been detected (JavaScript_NOOP_Sled)
About this signature or vulnerability
RealSecure Network Sensor, RealSecure Server Sensor:
This signature detects a simple NOOP sled in an 'unescape()' JavaScript function.
Default risk level
High
Sensors that have this signature
RealSecure Network Sensor: XPU 24.32, RealSecure Server Sensor: XPU 24.32
Systems affected
Linux: Any version, Solaris: Any version, HP-UX: Any version, BSD: Any version, IRIX: Any version, OS/2: Any version, DG/UX: Any version, Windows: 95, Windows: 98, Windows NT: 4.0, Windows: 98 Second Edition, SCO Unix: Any version, Windows 2000: Any version, Tru64 UNIX: Any version, Windows: Me, Windows: XP, Mac OS: Any version, AIX: Any version, Windows 2003: Any version
Type
Unauthorized Access Attempt
Vulnerability description
A large quantity of NO-OP instructions has been detected. This may indicate an attempt to overflow a buffer by padding the request with a large number of NO-OP instructions. A successful attempt could cause a denial of service or allow arbitrary code to be executed on the system.
How to remove this vulnerability
Verify that all current patches have been applied and the latest software versions have been installed on the system.
検証環境
優先度 |
OS |
IP |
Intruder: |
RedHat |
192.168.221.110 |
Victim: |
Windows2000 |
192.168.221.180 |
センサー |
ProvenitaM10 |
XPU1.70 |
実証コード
受動的攻撃
影響
メモリー使用率があがります。その後、エラーが発生してIEが強制終了する。
エラー
メモリーの使用が増加している様子
トレース
イベント一覧
優先度 |
シグネチャ名 |
検知件数 |
High |
JavaScript_NOOP_Sled |
4 |
イベント詳細
参考資料