[Snort-sigs] Signature Definition #1945 , 20 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 11:08:09 EDT 2003


 Rule: -- WEB-IIS unicode directory traversal attempt 
 Sid: -- 1945 
 Summary: -- This string detects Dual Unicode "encrypted" traffic inbound to
network's webservers.
 Impact: -- If unpatched, can lead to compromise of webserver
 Detailed Information: -- The string "/..%255c.." actually means "../.."
which is attributed to the Nimda worm, as well as a directory transversal
attack.
 Affected Systems: -- Microsoft IIS 4-5
 Attack Scenarios: -- Extreme 
 Ease of Attack: -- Easy
 False Positives: -- Unknown
 False Negatives: -- Unknown
 Corrective Action: -- Ensure all IIS Webservers are patched for this
vulnerability, ensure Antivirus compliance.
 Contributors: -- Joel Esler
 Additional References: cve,CVE-2000-0884

 




More information about the Snort-sigs mailing list