[Snort-sigs] SID:4135 False Positives

Siemens, Mike Michael.Siemens at ...3262...
Fri Oct 27 16:33:45 EDT 2006

We are receiving alerts on this rule (GEN:SID 1:4135 "WEB-CLIENT IE JPEG heap
overflow single packet attempt") on several legitimate web sites including
banks, customers, business partners and vendors. The data that I'm viewing in
BASE doesn't seem to indicate the jpeg file that is causing the alert. What
can I do to assist you in verifying that these are true or false positives?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20061027/d4b8485d/attachment.html>

More information about the Snort-sigs mailing list