webbufferoverflow.xml.codered

来自「The Network Security Response Framework 」· CODERED 代码 · 共 37 行

<?xml version="1.0" encoding="UTF-8"?>
<Worm xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="file:///home/kelek/wormsim/xml/wormProp.xsd">
	<name>WebBufferOverflow</name>
	<Field name="RequiredService" type="string" strval="webserver" set="1"/>
	<Field name="host" type="string" set="0"/>
	<Field name="filesystem" type="string" strval="web" set="1"/>
	<Field name="ispv" type="int" set="1" intval="0"/>
	<Field name="pvfpp" type="int" intval="100" set="1"/>
	<PropagationVector>
		<Medium>
			<VulnerableServices>
			<name>IIS</name>
			<version>5.0</version>
                        <version>4.0</version>
                        <port>80</port>
			<vulnerabilityID>CERT CA-2001-13</vulnerabilityID>
			<Effect name="InfectFilesystem" type="string" strval="web"/>
			</VulnerableServices>
		</Medium>
		<TargetDiscoveryMechanism>
			<ClientOriented>
				<PortScan>
					<PortScanMechanism>
						<LocalSubnetScan objective = "query-first" method = "probe">
							<netmask>28</netmask>
							<probability>1</probability>
						</LocalSubnetScan>
					</PortScanMechanism>
					<PortScanRate unit = "sec">
						<numAddresses>1</numAddresses>
					</PortScanRate>
				</PortScan>
			</ClientOriented>
		</TargetDiscoveryMechanism>
	</PropagationVector>
</Worm>