[Snort-sigs] New Sid: MISC HP Web JetAdmin ExecuteFile admin access
matt at ...2436...
Wed Aug 4 15:43:03 EDT 2004
Put this up on bleedingsnort as well. As with all of our rules if the
snort.org folks pick them up we drop them from here. We're a good test
Only thing I changes was to make the first content into a uricontent.
Should be more efficient.
Thomas Alex wrote:
> MISC HP Web JetAdmin ExecuteFile admin access
> alert tcp $EXTERNAL_NET any -> $HOME_NET 8000 (msg:"MISC HP Web JetAdmin
> ExecuteFile admin access"; flow:to_server,established;
> content:"/plugins/framework/script/content.hts"; nocase;
> content:"ExecuteFile”; nocase; reference:bugtraq,10224;
> classtype:attempted-admin; sid:????; rev:1;)
More information about the Snort-sigs