[Snort-sigs] A doubt about snort sid 1932
wh2000 at ...2420...
Mon Mar 7 11:33:03 EST 2005
I found that the snort rule 1932 describes :
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI
rpc-smb.pl access"; flow:to_server,established; uricontent:"/rpc-smb.pl";
reference:cve,1999-1278; classtype:web-application-activity; sid:1932;
But after I searched the detail of rpc-smb.pl,I found nothing relevant to
it.And in cve：1999-1278 which referrs to this rule，it gives another name
So,I what to know is this rule right,Anyone can help?
More information about the Snort-sigs