[Snort-sigs] mods to sid:15477 makes it so it can be trivially bypassed?

Will Metcalf william.metcalf at ...2420...
Wed May 12 21:11:32 EDT 2010


Unless WebLogic doesn't support encodings I think the modifications
you have made to sid:15477 in the snort-2.8.6 rules make it so that
the rule can be trivially bypassed as using a
uricontent/isdataat,relative combo will always fail in the face of an
encoded uri even in 2.8.6.

Regards,

Will




More information about the Snort-sigs mailing list