[Snort-sigs] Typo in SID 1018 "WEB-IIS iisadmpwd attempt"

Crow, Owen Owen_Crow at ...449...
Wed Aug 7 07:25:02 EDT 2002


The CVE referenced in the rule is about a Quake 3 Arena vulnerability
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0303):

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS
iisadmpwd attempt"; flags:A+; uricontent:"/iisadmpwd/aexp"; nocase;
reference:bugtraq,2110; reference:cve,cve-2000-0303;
classtype:web-application-attack; sid:1018; rev:5;)

I think it should be the next CVE about IISADMPWD
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0304):

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS
iisadmpwd attempt"; flags:A+; uricontent:"/iisadmpwd/aexp"; nocase;
reference:bugtraq,2110; reference:cve,cve-2000-0304;
classtype:web-application-attack; sid:1018; rev:6;)

Regards,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.




More information about the Snort-sigs mailing list