[Snort-sigs] sid 976
cmg at ...26...
Thu Jan 17 11:10:04 EST 2002
(msg:"WEB-IIS .bat? access";flags: A+;
uricontent:".bat?&"; nocase; reference:bugtraq,2023;
I think the uricontent should be ".bat?"
This looks like a bug from the NT 3.51 with IIS 1
We probably need a way to indicate how old an vulnerability is so
people that know their network well can disable them. That said, I
have seen a successful phf attack in the past month so old crap does
pop up now and then.
Chris Green <cmg at ...26...>
Fame may be fleeting but obscurity is forever.
More information about the Snort-sigs