Snort mailing list archives
Re: New Community sig for detecting Oracle WebCenter header injection
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 18 Apr 2013 13:43:41 -0400
Wow, that was bad. We actually have rules written for this in testing already, so we'll move these from our VRT set into the community set.

Joel

On Apr 18, 2013, at 12:39 PM, Joel Esler <jesler () sourcefire com> wrote:

> Rmkml,
>
> We actually have rules for this written this already in testing already, so what we do is we'll do is move them from our VRT set into the community set.
>
> Joel
>
> On Apr 18, 2013, at 11:26 AM, Joel Esler <jesler () sourcefire com> wrote:
>
>> Thanks! We'll take a look!
>>
>> On Apr 17, 2013, at 4:15 PM, rmkml <rmkml () yahoo fr> wrote:
>>
>>> Hi,
>>>
>>> Please find offer a new sig for community for detecting Oracle WebCenter header injection:
>>>
>>> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"WEB-MISC Oracle WebCenter (FatWire) header injection on blobheadername2 and blobheadervalue2 attempt"; flow:to_server,established; content:"blobheadername2="; nocase; http_uri; content:"blobheadervalue2="; nocase; http_uri; pcre:"/[\?\&]blobheadervalue2\=[^\&]*?[\x00-\x25\x27-\x2f\x3a-\x40\x5b-\x60\x7b-\xff]/Ui"; reference:cve,2013-1509; reference:url,www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html; classtype:web-application-attack; sid:1; rev:1;)
>>>
>>> Don't remember adjust snort variables.
>>> Please post any comments?
>>>
>>> Happy Detect
>>> Rmkml
>>> http://twitter.com/rmkml
>>>
>>> _______________________________________________
>>> Snort-sigs mailing list
>>> Snort-sigs () lists sourceforge net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>> http://www.snort.org
>>>
>>> Please visit http://blog.snort.org for the latest news about Snort!
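An added example, not part of the thread and not Snort or VRT code: a Python emulation of the posted rule's two `content` checks and its `pcre`, run over constructed URIs to show which `blobheadervalue2` values make it fire. Percent-decoding is an assumption standing in for Snort's URI normalization, and the `/app/page` path and all sample values are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# pcre from the rule in the thread, as a bytes pattern (/i -> re.I).
# The final class is every byte except ASCII letters, digits and "&".
VALUE_RE = re.compile(
    rb"[\?\&]blobheadervalue2\=[^\&]*?"
    rb"[\x00-\x25\x27-\x2f\x3a-\x40\x5b-\x60\x7b-\xff]",
    re.I,
)
# The two content:"..."; nocase; http_uri; options of the rule.
CONTENTS = (b"blobheadername2=", b"blobheadervalue2=")


def normalize(raw_uri: str) -> bytes:
    """Assumption: percent-decoding approximates the normalized URI buffer."""
    return unquote_to_bytes(raw_uri)


def rule_matches(raw_uri: str) -> bool:
    """True when both content checks and the pcre match the decoded URI."""
    uri = normalize(raw_uri)
    lowered = uri.lower()
    if not all(c in lowered for c in CONTENTS):
        return False
    return VALUE_RE.search(uri) is not None


# Constructed sample URIs (not captured traffic).
SAMPLES = [
    "/app/page?blobheadername2=X&blobheadervalue2=abc123&id=1",  # alphanumeric
    "/app/page?blobheadername2=X&blobheadervalue2=text/html",    # "/" in value
    "/app/page?blobheadername2=X&blobheadervalue2=a%0d%0ab",     # encoded CR LF
    "/app/page?BLOBHEADERNAME2=X&BlobHeaderValue2=a%20b",        # mixed case
    "/app/page?blobheadervalue2=a/b",                            # name2 missing
    "/app/page?blobheadername2=X&xblobheadervalue2=a/b",         # no [?&] prefix
]


def evaluate() -> list:
    """Run the emulated rule over every constructed sample."""
    return [rule_matches(u) for u in SAMPLES]


if __name__ == "__main__":
    for uri, hit in zip(SAMPLES, evaluate()):
        print("ALERT" if hit else "pass ", uri)
```

Because the character class excludes only letters, digits and `&`, the emulated rule also fires on ordinary punctuation such as `/` in the value, which is worth checking against normal traffic before enabling the signature.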