[Snort-sigs] fix typo "/calendar-admin.pl" to "/calendar_admin.pl" on sid 1701 (snortrule24)

rmkml rmkml at ...324...
Thu Aug 18 13:02:33 EDT 2005


Hi,

sid 1701 :
web-cgi.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
(msg:"WEB-CGI calendar-admin.pl access"; flow:to_server,established; 
uricontent:"/calendar-admin.pl"; nocase; reference:bugtraq,1215; 
classtype:web-application-activity; sid:1701; rev:4;)

but bid 1215 is :
   http://online.securityfocus.com/bid/1215/exploit

and cve 2000-0432 confirm this :
   Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
   Reference: BID:1215
   Reference: XF:http-cgi-calendar-execute
   The calender.pl and the calendar_admin.pl calendar scripts by Matt
   Kruse allow remote attackers to execute arbitrary commands via shell
   metacharacters.

regards
Rmkml




More information about the Snort-sigs mailing list