Snort mailing list archives
Re: 34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet
From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Thu, 19 Dec 2019 12:57:17 -0500
Thank you for letting us know, we will update the rule as necessary.

Alex McDonnell
Talos

On Thu, Dec 19, 2019 at 6:59 AM Russ Combs (rucombs) via Snort-sigs <snort-sigs () lists snort org> wrote:

> Thanks. Redirecting to snort-sigs.
>
> From: 'Rajendra Prasad Palnaty' via Bugs <bugs () sourcefire com>
> Reply-To: Rajendra Prasad Palnaty <rajendra () netskope com>
> Date: Thursday, December 19, 2019 at 6:49 AM
> To: "bugs () snort org" <bugs () snort org>
> Subject: sid:34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet
>
> Hi,
>
> Bug Details:
> The below signature is written to inspect the HTTP URI on an HTTP Response packet, which is not possible or never occurs. Could you please provide the correct signature for this vulnerability?
>
> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"SERVER-WEBAPP Wordpress username enumeration attempt"; flow:to_client,established,only_stream; content:"?author="; fast_pattern:only; nocase; http_uri; detection_filter:track by_src,count 100, seconds 2; metadata:policy max-detect-ips drop, service http; reference:url, www.acunetix.com/blog/web-security-zone/wordpress-username-enumeration-using-http-fuzzer/; classtype:attempted-recon; sid:34475; rev:3;)
>
> Thanks
> Rajendra
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href="https://snort.org/downloads/#rule-downloads">emerging threats</a>!
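The mismatch reported in this thread can be caught mechanically before a rule ships. The following is an added example, not part of the thread and not Talos tooling: a small Python lint that parses a Snort 2.x rule's options and flags request-only HTTP buffers on server-to-client flows, and the reverse. The function names, the buffer classification sets (taken here as an assumption from Snort 2.x HTTP Inspect behaviour) and the second sample rule are constructed for the illustration.

```python
# Added example: flag Snort 2.x rules whose flow direction never carries the HTTP buffer they inspect.
REQUEST_ONLY = {"http_uri", "http_raw_uri", "http_method", "http_client_body"}  # assumed set
RESPONSE_ONLY = {"http_stat_code", "http_stat_msg"}                             # assumed set
TO_CLIENT = {"to_client", "from_server"}
TO_SERVER = {"to_server", "from_client"}

def split_options(rule):
    """Split the parenthesised option block on ';', honouring quotes and backslash escapes."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts, buf, quoted, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            opts.append(buf)
            buf = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = (ch == "\\") and not escaped
        buf += ch
    opts.append(buf)
    pairs = (o.strip().partition(":") for o in opts if o.strip())
    return [(key.strip(), value.strip()) for key, _, value in pairs]

def lint(rule):
    """Return (sid, buffer, problem) tuples for flow/buffer mismatches."""
    opts = split_options(rule)
    keys = {k for k, _ in opts}
    flow = {f.strip() for k, v in opts if k == "flow" for f in v.split(",")}
    sid = dict(opts).get("sid", "?")
    checks = [(TO_CLIENT, REQUEST_ONLY, "request-only buffer on to_client flow"),
              (TO_SERVER, RESPONSE_ONLY, "response-only buffer on to_server flow")]
    return [(sid, buf, why) for dirs, bufs, why in checks if flow & dirs
            for buf in sorted(keys & bufs)]

# Rule text as quoted in the bug report above.
REPORTED = ('alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"SERVER-WEBAPP Wordpress '
            'username enumeration attempt"; flow:to_client,established,only_stream; content:"?author="; '
            'fast_pattern:only; nocase; http_uri; detection_filter:track by_src,count 100, seconds 2; '
            'metadata:policy max-detect-ips drop, service http; reference:url, www.acunetix.com/blog/'
            'web-security-zone/wordpress-username-enumeration-using-http-fuzzer/; '
            'classtype:attempted-recon; sid:34475; rev:3;)')
# Constructed contrast rule (local sid; not the updated rule Talos published).
CONSTRUCTED = ('alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"constructed example"; '
               'flow:to_server,established; content:"?author="; nocase; http_uri; sid:1000001; rev:1;)')

if __name__ == "__main__":
    print([lint(rule) for rule in (REPORTED, CONSTRUCTED)])
```
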