[Snort-sigs] new rule for detect Trend Micro ServerProtect isaNVWRequest.dll access
rmkml at ...324...
Thu Dec 15 00:50:03 EST 2005
please check and maybe add this new rule :
web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"WEB-MISC Trend Micro ServerProtect isaNVWRequest.dll access";
flow:to_server,established; content:"POST"; nocase; depth:4;
uricontent:"/ControlManager/cgi-bin/VA/isaNVWRequest.dll"; nocase; reference:cve,2005-1929;
this rule is not the best, because not added "Transfer-Encoding: chunked".
Improve/comments are welcome.
More information about the Snort-sigs