[Snort-sigs] Re: Microsoft IIS .htr heap overflow
giermo at ...22...
Fri Apr 12 11:36:42 EDT 2002
This rule actually only detects .htr access, not the overflow specifically.
It should proerly be titled WEB-IIS htr access.
The overflow signature would need to contain more info from the actual
nature of the exploit, which I haven't seen yet so I don't know what that
>I guessing this rule in web-iis.rules will pick up any .htr buffer
>web-iis.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80
>(msg:"WEB-IIS Overflow-htr access";flags: A+;
>classtype:web-application-attack; sid:987; rev:3;)
More information about the Snort-sigs