[Snort-users] web-cgi.rule: sid:885

Phil Wood cpw at ...440...
Tue Jul 16 17:21:03 EDT 2002


Folks,

Guess what's wrong with this rule:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bash access";flags:A+; uricontent:"/bash"; nocase; reference:cve,CAN-1999-0509; reference:url,www.cert.org/advisories/CA-1996-11.html; classtype:web-application-activity; classtype:web-application-activity; sid:885;  rev:5;)

Later,

Phil




More information about the Snort-users mailing list