Snort mailing list archives
CF Admin parser access sig
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 13 Dec 2013 11:02:27 -0700
Meh...slow Friday (the 13th) >:) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP ColdFusion Admin parser access"; flow:established,to_server; content:"GET"; http_method; nocase; content:"|2f|cfide|2f|administrator|5c|tools|5c|parser.cfm"; http_uri; nocase; reference:url,http://blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module-prologue-method-of-entry-analysis.html; classtype:web-application-attack; sid:10000114; rev:1;) James ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- CF Admin parser access sig James Lay (Dec 13)
- Re: CF Admin parser access sig Nicholas Mavis (Dec 13)
- Re: CF Admin parser access sig James Lay (Dec 13)
- Re: CF Admin parser access sig Nicholas Mavis (Dec 13)