Snort mailing list archives
New Community sig for detecting Oracle WebCenter header injection
From: rmkml <rmkml () yahoo fr>
Date: Wed, 17 Apr 2013 22:15:45 +0200 (CEST)
Hi,

Please find a new sig offered to the community for detecting Oracle WebCenter header injection:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"WEB-MISC Oracle WebCenter (FatWire) header injection on blobheadername2 and blobheadervalue2 attempt"; flow:to_server,established; content:"blobheadername2="; nocase; http_uri; content:"blobheadervalue2="; nocase; http_uri; pcre:"/[\?\&]blobheadervalue2\=[^\&]*?[\x00-\x25\x27-\x2f\x3a-\x40\x5b-\x60\x7b-\xff]/Ui"; reference:cve,2013-1509; reference:url,www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html; classtype:web-application-attack; sid:1; rev:1;)

Don't forget to adjust Snort variables.

Please post any comments.

Happy Detect
Rmkml
http://twitter.com/rmkml
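The rule's match logic replayed in Python over constructed URIs, as an added example that is not part of the original post. It shows which byte in the blobheadervalue2 value makes the pcre fire, including for values that carry only ordinary punctuation such as text/html. Assumptions: unquote_to_bytes only approximates Snort's normalized URI buffer, and the /page path and all sample values are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# The pcre from the rule above, compiled for bytes; re.IGNORECASE stands in
# for /i. The capture group exposes the byte that triggers the match.
VALUE_RE = re.compile(
    rb"[?&]blobheadervalue2=[^&]*?"
    rb"([\x00-\x25\x27-\x2f\x3a-\x40\x5b-\x60\x7b-\xff])",
    re.IGNORECASE,
)


def offending_byte(raw_uri):
    """Return the first byte that makes the rule fire, or None if it stays silent."""
    # Assumption: percent-decoding approximates the normalized buffer that
    # the http_uri and /U modifiers inspect.
    uri = unquote_to_bytes(raw_uri)
    lowered = uri.lower()
    # Both content matches are nocase and must be present before the pcre runs.
    if b"blobheadername2=" not in lowered or b"blobheadervalue2=" not in lowered:
        return None
    match = VALUE_RE.search(uri)
    return match.group(1) if match else None


# Constructed sample requests (hypothetical path and values).
SAMPLES = [
    "/page?blobheadername2=a&blobheadervalue2=abc123&x=1",            # alphanumeric only
    "/page?blobheadername2=Content-Type&blobheadervalue2=text/html",  # ordinary punctuation
    "/page?blobheadername2=a&blobheadervalue2=abc%0d%0a",             # encoded control bytes
    "/page?blobheadervalue2=a/b",                                     # first content missing
    "/page?BLOBHEADERNAME2=a&BLOBHEADERVALUE2=a-b",                   # upper-case names
    "/page?blobheadername2=a&blobheadervalue2=abc&other=x/y",         # punctuation in another parameter
]


def run_samples():
    """Map each constructed URI to the byte that triggered the rule, if any."""
    return {uri: offending_byte(uri) for uri in SAMPLES}


if __name__ == "__main__":
    for uri, hit in run_samples().items():
        print("ALERT " + repr(hit) if hit else "quiet", uri)
```

Only digits, ASCII letters and the & separator fall outside the character class, so any other byte in the value raises the alert.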