[Snort-sigs] Offer a new sig for detecting HttpOxy vulnerability

rmkml rmkml at ...4129...
Mon Jul 18 14:52:30 EDT 2016


Hi,

The http://etplc.org open source project offers a new sig for detecting the "HttpOxy" vulnerability:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC HttpOxy vulnerability HTTP Proxy header attempt"; \
  flow:to_server,established; content:"Proxy|3A|"; nocase; http_header; pcre:"/^Proxy\x3a/Hsmi"; \
  reference:url,httpoxy.org; \
  reference:cve,2016-5385; reference:cve,2016-5386; reference:cve,2016-5387; \
  reference:cve,2016-5388; reference:cve,2016-1000109; reference:cve,2016-1000110; \
  reference:url,isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/; \
  classtype:misc-attack; sid:1; rev:1;)

See reference for more information.

Don't forget to check variables.

Please send any comments.

Regards
@Rmkml
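
Added example, not part of the original post or the ETPLC project: a Python approximation of the rule's content and pcre options, run over constructed requests, showing that the line-anchored pcre keeps header names that merely end in "Proxy" from alerting. Snort's http_header buffer is modelled here as the raw header block, and the helper names and sample hosts are assumptions.

```python
import re

# Approximations of the rule's two detection options (assumption: Snort's
# http_header buffer is modelled as the header block, minus request line and body).
CONTENT = b"proxy:"                                    # content:"Proxy|3A|"; nocase; http_header;
PCRE = re.compile(rb"^Proxy\x3a", re.S | re.M | re.I)  # pcre:"/^Proxy\x3a/Hsmi";


def header_buffer(raw_request: bytes) -> bytes:
    """Return the header lines only: after the request line, before the body."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    _, _, headers = head.partition(b"\r\n")
    return headers


def evaluate(raw_request: bytes) -> dict:
    """Report which option matched and whether the rule as a whole would alert."""
    buf = header_buffer(raw_request)
    content_hit = CONTENT in buf.lower()
    pcre_hit = PCRE.search(buf) is not None
    return {"content": content_hit, "pcre": pcre_hit, "alert": content_hit and pcre_hit}


def request(*headers: str, body: str = "") -> bytes:
    """Build a constructed HTTP/1.1 request for the samples below."""
    lines = ["POST /cgi-bin/app HTTP/1.1", "Host: www.example.test", *headers]
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode()


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "proxy_header": request("Proxy: http://proxy.example.test:8080"),
    "lowercase_name": request("proxy: http://proxy.example.test:8080"),
    "proxy_authorization": request("Proxy-Authorization: Basic ZXhhbXBsZQ=="),
    "suffix_name": request("X-Forwarded-Proxy: 1"),
    "only_in_body": request("Content-Length: 8", body="Proxy: x"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {evaluate(raw)}")
```

The "suffix_name" sample is the case where the fast content match fires but the pcre does not, so no alert is raised.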



