[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: [Snort-sigs] add new rule "HTTP Transfer-Content Request Smuggling attempt"
From: rmkml <rmkml () free ! fr>
Date: 2005-08-27 22:07:46
Message-ID: Pine.LNX.4.63.0508280003270.2058 () npre ! npre ! pbz
[Download RAW message or body]
Hi,
please add new rule for detect "HTTP Transfer-Content Request Smuggling
attempt" :
web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"WEB-MISC HTTP Transfer-Content Request Smuggling attempt";
flow:to_server,established; content:"Transfer-Encoding|3A|";
content:"chunked"; content:"Content-Length|3A|"; nocase; reference:bugtraq,13873;
reference:bugtraq,14106; reference:cve,2005-2088; reference:cve,2005-2089;
reference:cve,2005-2090; reference:cve,2005-2091; reference:cve,2005-2092;
reference:cve,2005-2093; reference:cve,2005-2094; reference:osvdb,17738;
reference:nessus,18337; classtype:attempted-admin;)
Regards
Rmkml
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic