[Snort-sigs] Snort signatures for MS02-018 IIS vulnerabilities.

Sean Hittel seanh at ...113...
Thu May 30 07:53:04 EDT 2002


Greetings,

On April 10, 2002, Microsoft released Security Bulletin MS02-018,
detailing several severe vulnerabilities in various versions of IIS,
Microsoft's Web server. The vulnerabilities include buffer overflows,
access violations resulting in a Denial of Service (DoS) condition, and
cross-site scripting issues. Several of these vulnerabilities may allow an
attacker to execute arbitrary code on a vulnerable server.

We have produced Snort signatures for many of these vulnerabilities, and
have made them available in the following document, which discusses these
signatures and the associated vulnerabilities. This document is available
at:

http://aris.securityfocus.com/rules/020528-Alert-MultipleIIS.pdf

These signatures are also avaible in text format in the following
document:

http://aris.securityfocus.com/rules/IISSigs.rules

We recommend that administrators add these rules to their Snort IDS, or
configure their IDS with signatures for these issues.

As always, we look forward to any feedback or suggestions you may have.
Comments and feedback are welcome at aris-feedback at ...609...

Sean Hittel
SecurityFocus Threat Analyst Team





More information about the Snort-sigs mailing list