Snort mailing list archives

IIS/5.0 Content-Length Bug signature.

From: "Ivan Hernandez Puga" <ivan.hernandez () globalsis com ar>
Date: Thu, 13 Dec 2001 13:57:13 -0300

Hello. I need to create a signature that searches for a "GET" request with the Content-Length invalid header.

I have taken the cmd.exe signature and touched it. Until now it works for me.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS Content-Length Bug"; flags: A+; content:"Content-Length"; 
nocase; classtype:web-application-attack; sid:1002; rev:2;)

Thanks

Ivan Hernandez

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IIS/5.0 Content-Length Bug signature. Ivan Hernandez Puga (Dec 13)
- Re: IIS/5.0 Content-Length Bug signature. Chris Green (Dec 13)
  - Re: IIS/5.0 Content-Length Bug signature. Chris Green (Dec 13)
- <Possible follow-ups>
- RE: IIS/5.0 Content-Length Bug signature. Ivan Hernandez Puga (Dec 13)