Snort mailing list archives
IIS/5.0 Content-Length Bug signature.
From: "Ivan Hernandez Puga" <ivan.hernandez () globalsis com ar>
Date: Thu, 13 Dec 2001 13:57:13 -0300
Hello. I need to create a signature that searches for a "GET" request with the Content-Length invalid header. I have taken the cmd.exe signature and touched it. Until now it works for me. alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS Content-Length Bug"; flags: A+; content:"Content-Length"; nocase; classtype:web-application-attack; sid:1002; rev:2;) Thanks Ivan Hernandez _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IIS/5.0 Content-Length Bug signature. Ivan Hernandez Puga (Dec 13)
- Re: IIS/5.0 Content-Length Bug signature. Chris Green (Dec 13)
- Re: IIS/5.0 Content-Length Bug signature. Chris Green (Dec 13)
- <Possible follow-ups>
- RE: IIS/5.0 Content-Length Bug signature. Ivan Hernandez Puga (Dec 13)
- Re: IIS/5.0 Content-Length Bug signature. Chris Green (Dec 13)