[Snort-sigs] False Positive, 119:4 (htp_inspect: BARE BYTE UNICODE ENCODING) -update

David Morris icurnet at ...2420...
Fri Jan 28 07:04:09 EST 2005


I put information about the false alerts below.

David

# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule:  n/a

--
Sid: 119:4 (htp_inspect: BARE BYTE UNICODE ENCODING)

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:

RedHat Enterprise ES/AS running squid-2.5.STABLE1-2 (any squid version
on any RedHat version) will cause false positives on your NIDS System.

--
False Negatives:

--
Corrective Action:

--
Contributors:

icurnet at ...2420...

-- 
Additional References
====
end




More information about the Snort-sigs mailing list