TOC & Recently Viewed

Recently Viewed Topics

Network Client Detection

Match patterns that begin with the ^ symbol mean at least one line in the packet payload must begin with the following pattern. Match patterns that begin with the ! symbol indicate that the string must NOT match anything in the packet payload. In this case, the ! and ^ symbols are combined to indicate that PVS should not evaluate any packet whose payload contains a line starting with the pattern Received:.

The ^ is more expensive to evaluate than the > symbol. So, while both match patterns ^<pattern> and ><pattern> would find <pattern> at the beginning of a packet payload, the use of > is more desirable as it is less costly. Use ^ when looking for the occurrence of a string at the beginning of a line, but not at the beginning of the packet payload. In the latter case, use the > character instead.

id=79526

hs_dport=25

clientissue

name=Buffer overflow in multiple IMAP clients

description=The remote e-mail client is Mozilla 1.3 or 1.4a which is vulnerable to a boundary condition error whereby a malicious IMAP server may be able to crash or execute code on the client.

solution=Upgrade to either 1.3.1 or 1.4a

risk=HIGH

match=^From:

match=^To:

match=^Date:

match=^User-Agent: Mozilla

match=!^Received:

regex=^User-Agent: Mozilla/.* \(.*rv:(1\.3|1\.4a)

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.