HTTP POST contains malicious script (HTTP_POST_Script)

About this signature or vulnerability

RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Server IPS for Linux technology, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network MFS, IBM Security Server Protection for Windows, BlackICE Agent for Server, RealSecure Guard, RealSecure Sentry, BlackICE PC Protection, BlackICE Server Protection, RealSecure Server Sensor, RealSecure Network, Virtual Server Protection for VMware:

This signature detects whether an HTTP POST command contains an HTML <script> tag.
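The check described above, sketched as an added example that is not the vendor's signature code: it flags POST requests whose body holds an opening <script> tag, either raw or percent-encoded in a form body. The pattern, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed pattern (not from the vendor): an opening script tag, any letter case.
SCRIPT_TAG = re.compile(rb"<script[\s/>]", re.IGNORECASE)

def split_request(raw):
    """Split a raw HTTP/1.1 request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers, body

def post_contains_script(raw):
    """True when a POST body carries a <script> tag, raw or percent-encoded."""
    method, headers, body = split_request(raw)
    if method != b"POST":
        return False
    candidates = [body]
    ctype = headers.get(b"content-type", b"").lower()
    if ctype.startswith(b"application/x-www-form-urlencoded"):
        # Form bodies are percent-encoded: decode once so %3Cscript%3E is visible.
        candidates.append(unquote_to_bytes(body.replace(b"+", b" ")))
    return any(SCRIPT_TAG.search(c) for c in candidates)

# Constructed sample requests, not captured traffic.
HOST = b"Host: app.example\r\n"
FORM = b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
SAMPLES = {
    "encoded_form": b"POST /comment HTTP/1.1\r\n" + HOST + FORM
                    + b"text=%3CScript%3Ealert(1)%3C%2Fscript%3E",
    "plain_form": b"POST /comment HTTP/1.1\r\n" + HOST + FORM + b"text=hello+world",
    "raw_body": b"POST /note HTTP/1.1\r\n" + HOST
                + b"Content-Type: text/plain\r\n\r\n<SCRIPT src=x.js></SCRIPT>",
    "get_request": b"GET /search?q=<script>x</script> HTTP/1.1\r\n" + HOST + b"\r\n",
    "xml_lookalike": b"POST /api HTTP/1.1\r\n" + HOST
                     + b"Content-Type: text/xml\r\n\r\n<scripted>1</scripted>",
}

def scan_samples():
    return {name: post_contains_script(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in scan_samples().items():
        print(f"{name}: {'ALERT' if hit else 'ok'}")
```

A match only shows that script markup was submitted, which fits the "Suspicious Activity" type: applications that legitimately accept HTML in POST bodies will trigger it too.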


Default risk level

Medium

Sensors that have this signature

RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop: baseline, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, Proventia Desktop: 8.0.614.1, Proventia Network MFS: 1.0, IBM Security Server Protection for Windows: 1.0.914.0, IBM Security Server Protection for Windows: 2.1.14.2400, BlackICE Agent for Server: 3.6, RealSecure Guard: 3.6, RealSecure Sentry: 3.6, BlackICE PC Protection: 3.6.cbd, BlackICE Server Protection: 3.6.cbd, RealSecure Desktop Protector: 3.6, RealSecure Server Sensor: 7.0, RealSecure Network: 7.0, Virtual Server Protection for VMware: 1.0

Systems affected

Various vendors: Any application, IETF: HTTP/1.1

Type

Suspicious Activity

Vulnerability description

A remote attacker may be attempting to execute arbitrary code on the Web server by sending a specially crafted POST command containing malicious script. The script could be written in Java or some other scripting language.

How to remove this vulnerability

Ensure that your personal firewall, operating system, and programs are up to date in order to minimize the threat of a system compromise.

References

ISS X-Force
HTTP POST contains malicious script
http://www.iss.net/security_center/static/8539.php