[Snort-users] Rule 17494

Jefferson, Shawn Shawn.Jefferson at ...14448...
Fri Oct 1 15:08:23 EDT 2010


Anyone else notice this rule, 17494 triggering a lot today?  Or is it just me... it's an old vulnerability from 2006.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt"; flow:established,to_server; urilen:>260; content:"GET"; http_method; content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http; reference:bugtraq,19667; reference:cve,2006-3869; classtype:attempted-user; sid:17494; rev:1;)

--
Shawn Jefferson, IT Security, GCIH, GCFA
British Columbia Ferry Services Inc.
Tel: (250) 978-1508
Fax: (250) 405-3533
Shawn.Jefferson at ...14448...<mailto:Shawn.Jefferson at ...14448...> | www.bcferries.com<http://www.bcferries.com>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101001/2882f3eb/attachment.html>


More information about the Snort-users mailing list