[Snort-sigs] SID 3466 reference incorrect

Nigel Houghton nigel at ...435...
Sun Jul 10 20:01:37 EDT 2005


On  0, JC <monroe at ...745...> allegedly wrote:
> SID 3466 CVE refrenece is totally off

 "reference"

> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC
> Authorization Basic overflow attempt"; flow:to_server,established;
> content:"Authorization|3A|"; nocase; content:"Basic"; distance:0;
> nocase; pcre:"/^Authorization\x3a\s*Basic\s[^\n]{200}/smi";
> reference:bugtraq,8375; reference:cvs,2003-0727; classtype:web-
> application-attack; sid:3466; rev:3;)
> should be 
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC
> Authorization Basic overflow attempt"; flow:to_server,established;
> content:"Authorization|3A|"; nocase; content:"Basic"; distance:0;
> nocase; pcre:"/^Authorization\x3a\s*Basic\s[^\n]{200}/smi";
> reference:bugtraq,8375; reference:cve,2003-0727; classtype:web-
> application-attack; sid:3466; rev:3;)
 
And by totally off you mean the reference:cve, was mistakenly written as
reference:cvs,

ok. Thanks.

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

 I require a window seat and an inflight Happy Meal, and no pickles! 
 God help you if I find pickles!




More information about the Snort-sigs mailing list