[Snort-sigs] sid 976

Chris Green cmg at ...26...
Thu Jan 17 11:10:04 EST 2002

(msg:"WEB-IIS .bat? access";flags: A+;
uricontent:".bat?&"; nocase; reference:bugtraq,2023;
sid:976; rev:3;)

I think the uricontent should be ".bat?" 


This looks like a bug from the NT 3.51 with IIS 1

We probably need a way to indicate how old an vulnerability is so
people that know their network well can disable them.  That said, I
have seen a successful phf attack in the past month so old crap does
pop up now and then.

Chris Green <cmg at ...26...>
Fame may be fleeting but obscurity is forever.

More information about the Snort-sigs mailing list