[Snort-sigs] new rule for detect Apple QTJava toQTPointer() access
rmkml at ...324...
Tue May 1 18:45:55 EDT 2007
please check and maybe add this new rule :
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Apple QTJava toQTPointer() with param access"; flow:to_client,established; content:".toQTPointer("; pcre:!"/\.toQTPointer\(\s*\)/i"; reference:cve,2007-2175; classtype:web-application-activity; sid:91842; rev:1;)
Any suggestions and improvements are welcome,
contact at ...3281...
=> Crusoe Researches have more than 1842 UNIQ 'snort' rules for Commercial Access
(Contact me directly if you are interested)
Azwalaro French new nidps open source project
azwalaro at ...3281...
More information about the Snort-sigs