Snort mailing list archives
Offer sig for detect IISv6 WebDAV If header overflow
From: rmkml <rmkml () ligfy org>
Date: Mon, 27 Mar 2017 21:39:33 +0200 (CEST)
Hello, First, thx edwardz246003 for sharing exploit, Please check sig for detecting IISv6 WebDAV If header overflow: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC IIS v6 WebDAV ScStoragePathFromUrl overflow attempt"; flow:to_server,established; content:"PROPFIND"; nocase; http_method; content:"|0a|If|3a|"; nocase; http_raw_header; isdataat:1000,relative; content:!"|0A|"; http_raw_header; within:1000; reference:cve,2017-7269; reference:url,github.com/edwardz246003/IIS_exploit; classtype:web-application-attack; sid:1; rev:1;) Please check vars and send any comments. Best Regards @Rmkml ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Offer sig for detect IISv6 WebDAV If header overflow rmkml (Mar 27)
- Re: Offer sig for detect IISv6 WebDAV If header overflow Tyler Montier (Mar 27)