[Snort-sigs] Typo in sid:1167

Crow, Owen Owen_Crow at ...449...
Mon Aug 5 06:45:05 EDT 2002


This rule in snortrules.tar.gz (Mon Aug 5 09:10:33 2002 EDT) has /rmp_query
instead of /rpm_query:

WAS:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC
rpm_query access"; flags:A+; uricontent:"/rmp_query"; nocase;
reference:cve,cve-2000-0192; reference:bugtraq,1036;
classtype:attempted-recon; priority:2; sid:1167; rev:4;)

SHOULD BE:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC
rpm_query access"; flags:A+; uricontent:"/rpm_query"; nocase;
reference:cve,cve-2000-0192; reference:bugtraq,1036;
classtype:attempted-recon; priority:2; sid:1167; rev:5;)

Would the rules maintainers like a keyword in the subject to help them weed
out discussion from rules updates?

Regards,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.





More information about the Snort-sigs mailing list