[Snort-sigs] New IIS Buffer Overrun rules

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Thu Jun 13 07:56:02 EDT 2002

WEB-IIS Buffer Overrun in HTTP header handling"; flags: A+; content:"HTTP|2F|"; nocase; uricontent:".cdx"; nocase; content:"|3A|"; content:"|0A|"; content:"|00|"; reference:bugtraq,4476; sid:1804; rev:1;)
not completely sure that case matters... but HTtp_PORTS supposed to be
Also, any plans to make the signature unique? (possibly add the uricontent
part to it? .cdx .asp....)
Oh, and my favorite: flags: A+ or flow: to_server,established?