[Snort-sigs] New rule for detect ColdFusion view source with double encoding null byte
rmkml at ...324...
Wed Jan 10 10:06:59 EST 2007
Please check and maybe add this new rule to detect ColdFusion view source with a double-encoded null byte:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-COLDFUSION double encoding null byte .cfm view source attempt"; flow:to_server,established; uricontent:".cfm"; nocase; content:"%2500"; reference:cve,2006-5858; classtype:attempted-recon; sid:+1; rev:1;)
contact at ...3281...
CR have already created more than 1500 new rules! (commercial access)
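
The following is an added example, not part of the original post or of Snort: a Python approximation of the two conditions in the posted rule (`.cfm` in the URI, case-insensitive, plus the literal `%2500` in the payload), next to a decode-based check that confirms the request really double-decodes to a null byte. The function names and the request lines are constructed for illustration, and the string matching only approximates Snort's `uricontent` normalization.

```python
from urllib.parse import unquote

# Constructed sample request lines for illustration (not real traffic).
SAMPLE_REQUESTS = [
    "GET /app/index.cfm HTTP/1.1",                 # ordinary .cfm request
    "GET /app/index.cfm%2500.html HTTP/1.1",       # pattern the rule targets
    "GET /APP/INDEX.CFM%2500.html HTTP/1.1",       # same, upper case (nocase)
    "GET /static/report%2500.html HTTP/1.1",       # %2500 but no .cfm
    "GET /app/index.cfm?discount=25%25 HTTP/1.1",  # encoded '%' only, benign
]


def request_uri(line):
    """Return the URI field of an HTTP request line, or '' if malformed."""
    parts = line.split(" ")
    return parts[1] if len(parts) >= 2 else ""


def rule_matches(line):
    """Approximate the posted rule: '.cfm' (nocase) in the URI and the
    literal string '%2500' anywhere in the request line."""
    return ".cfm" in request_uri(line).lower() and "%2500" in line


def double_decodes_to_nul(line):
    """True when one URL-decoding pass yields no NUL but a second pass does,
    i.e. the null byte was hidden behind an encoded percent sign."""
    once = unquote(request_uri(line), encoding="latin-1")
    twice = unquote(once, encoding="latin-1")
    return "\x00" not in once and "\x00" in twice


def triage(lines):
    """Return (line, rule_hit, hidden_nul) for each request line."""
    return [(l, rule_matches(l), double_decodes_to_nul(l)) for l in lines]


if __name__ == "__main__":
    for line, rule_hit, hidden_nul in triage(SAMPLE_REQUESTS):
        print(f"rule={rule_hit!s:5} hidden_nul={hidden_nul!s:5} {line}")
```

The fourth sample shows the effect of the `uricontent:".cfm"` condition: the request carries a double-encoded null byte but is outside the rule's ColdFusion scope, so only the decode-based check flags it.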