[Snort-sigs] Snort Community Rules Update
research at ...435...
Thu Jun 1 13:00:02 EDT 2006
This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000315-100000316.
The first rule detects HTTP PUT requests, and sets the http.put flowbit;
the second rule checks this flowbit and then detects an HTTP 200
OK-style response. These rules are intended to alert administrators to
successful, unauthorized PUT requests, which are often used to deface
improperly configured web servers. Due to the fact that many legitimate
applications use HTTP PUT requests, these rules are disabled by default;
users who are considering enabling them should first read the included
Additionally, classtypes have been added to all rules which previously
lacked them, as several users had reported problems with rules that had
Sourcefire would like to thank David Bianco for submitting the new
rules. As a reminder, anyone who wishes to submit rules may do so at
A list of modified rules and their SIDs follows.
Community Rules Maintainer
100000315 || COMMUNITY WEB-MISC HTTP PUT Request
100000316 || COMMUNITY WEB-MISC HTTP PUT Request Successful
More information about the Snort-sigs