[Snort-users] WEB-MISC prefix-get //
Sheahan, Paul (PCLN-NW)
Paul.Sheahan at ...2218...
Thu Sep 13 14:24:02 EDT 2001
I'm using Snort 1.8.1 b78 on Red Hat Linux 7.0. I see a lot of these alerts
in my snort logs:
WEB-MISC prefix-get //
When I look at the traces on the packets, it appears that someone just
basically put two slashes after the .com and before the rest of the URL.
I tried this on some valid URLs and if I use one slash or two slashes, it
seems to work either way. Does anyone know anything about this vulnerability
and what exploits are available etc? I can't seem to find any info on
More information about the Snort-users