[Snort-sigs] Additional information for sid 1042

Javier Fernandez-Sanguino jfernandez at ...2106...
Tue Dec 30 07:50:35 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rule:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS
view sour
ce via translate header"; flow:to_server,established; content:
"Translate|3a| F"
; nocase; reference:arachnids,305; reference:bugtraq,1578;
classtype:web-applica
tion-activity; sid:1042;  rev:6;)
- --
Sid:
1042
- --
False Positives:

Some Microsoft applications make use of the 'Translate: f' header and
will trigger this alert. These include applications that use WebDAV
for publishing content on the webserver such as Microsoft Outlook Web
Access (OWA)

Additional References:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wss/wss/_exch2k_c
reating_items_http.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wss/wss/_webdav_p
ropfind.asp

HTH

Javier Fernandez-Sanguino

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA/AwUBP+wBIaO1I0N5hzVfEQKyKgCggpUu0E5b1P8Nh3FPdG08P0Few5MAn1KE
+01Afd45hwrwkLQwXMFHBm5t
=fOal
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list