Snort mailing list archives
Offer a new sig for detecting HttpOxy vulnerability
From: rmkml <rmkml () ligfy org>
Date: Mon, 18 Jul 2016 20:52:30 +0200 (CEST)
Hi, The http://etplc.org open source project offer a new sig for detecting "HttpOxy" vulnerability: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC HttpOxy vulnerability HTTP Proxy header attempt"; flow:to_server,established; content:"Proxy|3A|"; nocase; http_header; pcre:"/^Proxy\x3a/Hsmi"; reference:url,httpoxy.org; reference:cve,2016-5385; reference:cve,2016-5386; reference:cve,2016-5387; reference:cve,2016-5388; reference:cve,2016-1000109;reference:cve,2016-1000110; reference:url,isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/; classtype:misc-attack; sid:1; rev:1;) See reference for more information. Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Offer a new sig for detecting HttpOxy vulnerability rmkml (Jul 18)