[Snort-users] WEB-MISC prefix-get //

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Thu Sep 13 14:24:02 EDT 2001


I'm using Snort 1.8.1 b78 on Red Hat Linux 7.0. I see a lot of these alerts
in my snort logs:

WEB-MISC prefix-get // 

When I look at the traces on the packets, it appears that someone just
basically put two slashes after the .com and before the rest of the URL.

I tried this on some valid URLs and if I use one slash or two slashes, it
seems to work either way. Does anyone know anything about this vulnerability
and what exploits are available etc? I can't seem to find any info on
it.....


Thanks




