[Snort-sigs] new rule for detect Linksys apply.cgi overflow

rmkml rmkml at ...324...
Fri Oct 28 06:51:36 EDT 2005


Hi,

Please check and add this new rule:

web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
(msg:"WEB-MISC Linksys apply.cgi overflow attempt"; 
flow:to_server,established; uricontent:"/apply.cgi"; 
content:"Content-Length|3A|"; pcre:"/[\S]{1000,}/smi";
reference:bugtraq,14822; reference:cve,2005-2799; 
reference:nessus,20096; reference:osvdb,19389; 
classtype:web-application-attack; )

This rule detects exploits of the Linksys cgi apply overflow.
http://www.osvdb.org/displayvuln.php?osvdb_id=19389

Improvements are welcome.

Regards
Rmkml
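
An added example, not part of the original post and not Snort code: a Python approximation of the rule's three payload tests, run over constructed requests to show which traffic raises the alert, including a benign request with a long header. It assumes the whole request sits in one inspected buffer; the helper names and sample requests are made up for the test.

```python
import re

# Python approximation of the posted rule's payload options (assumption: one buffer).
URI_CONTENT = b"/apply.cgi"      # uricontent:"/apply.cgi"
CONTENT = b"Content-Length:"     # content:"Content-Length|3A|" (case-sensitive, no nocase)
PCRE = re.compile(rb"[\S]{1000,}", re.S | re.M | re.I)  # pcre:"/[\S]{1000,}/smi"


def request_uri(payload: bytes) -> bytes:
    """Return the request-target from the first line of an HTTP request."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return parts[1] if len(parts) >= 2 else b""


def rule_matches(payload: bytes) -> bool:
    """True when all three options match somewhere in the request."""
    return (
        URI_CONTENT in request_uri(payload)
        and CONTENT in payload
        and PCRE.search(payload) is not None  # not tied to any header or the body
    )


def build_post(uri: bytes, body: bytes, extra_headers: bytes = b"") -> bytes:
    """Build a constructed sample request; 192.0.2.1 is a documentation address."""
    return (
        b"POST " + uri + b" HTTP/1.1\r\n"
        b"Host: 192.0.2.1\r\n"
        + extra_headers
        + b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n"
        + body
    )


# Constructed test traffic (field names and values are placeholders).
SAMPLES = {
    "short form post": build_post(b"/apply.cgi", b"field1=value1&field2=value2"),
    "1000-byte unbroken body": build_post(b"/apply.cgi", b"A" * 1000),
    "999-byte unbroken body": build_post(b"/apply.cgi", b"A" * 999),
    "long body, other URI": build_post(b"/index.cgi", b"A" * 1000),
    "long cookie, short body": build_post(
        b"/apply.cgi", b"field1=value1", b"Cookie: session=" + b"c" * 1200 + b"\r\n"
    ),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:26} alert={rule_matches(payload)}")
```

The last sample alerts even though its body is short, because the pcre searches the whole payload rather than only the data following the headers.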




