[Snort-sigs] SID 1016
dhanson at ...113...
Thu Aug 29 14:52:04 EDT 2002
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"WEB-IIS global.asa access"; flow:to_server,established;
content:"/global.asa"; nocase; reference:nessus,10491;
This rule appears to not be related to the the CVE item that is listed.
The item covered by CVE-2000-0778 and BID 1578 is the source disclosure
due to a trailing / after a filename that should be parsed by the IIS
The references should either be removed to reflect that this is simply
activity targeting global.asa (no trailing / in the content) or the rule
should be updated to search for .asp .asa .htr (etc) files followed by a
TMS Threat Analyst
More information about the Snort-sigs