[Snort-sigs] False Positives in SID: 2307 -- "WEB-PHP PayPal Storefront arbitrary command execution attempt"

Alan Whinery whinery at ...2428...
Tue Apr 27 07:50:09 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work.
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
#
# $Id$
#
#

Rule:

- --
Sid: 2307

- --
Summary:

- --
Impact:

- --
Detailed Information:

- --
Affected Systems:

- --
Attack Scenarios:

- --
Ease of Attack:

- --
False Positives: The content/pcre criteria: "content:"page=";
pcre:"/page=(http|https|ftp)/i"; Are met frequently by the strings
"page=http" and "lastpage=http" which occur relatively often in the text
of cookies, most commonly ones associated with MSN passport.

- --
False Negatives:

- --
Corrective Action:

- --
Contributors:

- --
Additional References:

- 
--------------------------------------------------------------------------------

D. Alan Whinery
Public Key -> http://laphroaig.uhnet.net/~whinery/AWhinery-its.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAhfmpo0Fj2RHXjC4RAjitAJ9gTDVFVqnq4MhZ7IwlQw7tP840LwCgllE7
OwFzL7vWfYzlGLa34Q/Xd5I=
=rUkh
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list