[Snort-sigs] new rule to detect Apple QTJava toQTPointer() access

rmkml rmkml at ...324...
Tue May 1 18:45:55 EDT 2007


Hi,

Please check and maybe add this new rule:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Apple QTJava toQTPointer() with param access"; flow:to_client,established; content:".toQTPointer("; pcre:!"/\.toQTPointer\(\s*\)/i"; reference:cve,2007-2175; classtype:web-application-activity; sid:91842; rev:1;)

Any suggestions and improvements are welcome,

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...
=> Crusoe Researches have more than 1842 UNIQ 'snort' rules for Commercial Access
    (Contact me directly if you are interested)

Azwalaro French new nidps open source project
http://www.Crusoe-Researches.com/azwalaro/
azwalaro at ...3281...

Regards
Rmkml
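
The payload logic of the rule in the message above, emulated in Python as an added example (not part of the original post and not Snort code). The function names `rule_fires` and `evaluate` are hypothetical and the sample payloads are constructed, not captured traffic; the example covers only the `content` and negated `pcre` options, not `flow` or the header match.

```python
import re

# Emulates the two payload options of the posted rule:
#   content:".toQTPointer(";           case-sensitive (the rule has no nocase)
#   pcre:!"/\.toQTPointer\(\s*\)/i";   negated: satisfied only if the regex
#                                      matches nowhere in the payload
CONTENT = b".toQTPointer("
EMPTY_CALL = re.compile(rb"\.toQTPointer\(\s*\)", re.IGNORECASE)


def rule_fires(payload: bytes) -> bool:
    """Return True if both payload options hold for one to_client payload."""
    if CONTENT not in payload:
        return False
    # Negated pcre: any empty-argument call anywhere suppresses the alert.
    return EMPTY_CALL.search(payload) is None


# Constructed sample payloads; object names and arguments are placeholders.
SAMPLES = {
    "param_call": b"var p = h.toQTPointer(a, b);",
    "empty_call": b"var p = h.toQTPointer();",
    "empty_call_ws": b"var p = h.toQTPointer(  \t );",
    "no_call": b"var p = h.getSize();",
    # One empty call plus one call with parameters in the same payload.
    "mixed": b"h.toQTPointer(); g.toQTPointer(a, b);",
    # content is case-sensitive, so this never reaches the pcre check.
    "lowercase_param": b"h.toqtpointer(a);",
}


def evaluate(samples):
    """Map each sample name to whether the emulated rule would alert."""
    return {name: rule_fires(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, fired in evaluate(SAMPLES).items():
        print(f"{name:16} {'ALERT' if fired else '-'}")
```

The `mixed` sample does not alert because the negated pcre is evaluated against the whole payload rather than against the call that `content` matched, which is a false negative worth testing for when tuning the rule.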



