[Snort-sigs] sid:2128 typo?

Brian Jameson tech at ...1160...
Thu Jun 9 09:15:48 EDT 2005


The signature for sid:2128 reads:-

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI
swsrv.cgi access"; flow:to_server,established; uricontent:"/srsrv.cgi";
nocase; reference:bugtraq,7510; reference:cve,2003-0217;
reference:nessus,11608; classtype:web-application-activity; sid:2128;
rev:5;)

Surely the uricontent should be "/swsrv.cgi" as per the msg: and the nessus
documentation or is the nessus scan/documentation wrong?

regards,
Brian





More information about the Snort-sigs mailing list