[Snort-sigs] add new rule "HTTP Transfer-Content Request Smuggling attempt"

rmkml rmkml at ...324...
Sat Aug 27 15:08:23 EDT 2005


Hi,

please add new rule for detect "HTTP Transfer-Content Request Smuggling 
attempt" :

web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
(msg:"WEB-MISC HTTP Transfer-Content Request Smuggling attempt"; 
flow:to_server,established; content:"Transfer-Encoding|3A|"; 
content:"chunked"; content:"Content-Length|3A|"; nocase; reference:bugtraq,13873; 
reference:bugtraq,14106; reference:cve,2005-2088; reference:cve,2005-2089; 
reference:cve,2005-2090; reference:cve,2005-2091; reference:cve,2005-2092; 
reference:cve,2005-2093; reference:cve,2005-2094; reference:osvdb,17738; 
reference:nessus,18337; classtype:attempted-admin;)

Regards
Rmkml




More information about the Snort-sigs mailing list