[Snort-sigs] SID 1651
dhanson at ...113...
Thu Aug 29 14:01:06 EDT 2002
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"WEB-CGI enivorn.pl access"; flow:to_server,established;
uricontent:"/enivron.pl"; nocase; classtype:web-application-activity;
Seems to me that this rule is in desperate need of a spell checker. As far
as I can tell, there does not exist a perl script archived by google that
answers to the name of "enivorn.pl" or "enivron.pl".
My conclusion is that this SHOULD be environ.pl of which there are
numerous scripts by that name. Is there one in particular that this rule
should be looking for?
TMS Threat Analyst
More information about the Snort-sigs