No subject

Thu Nov 23 16:36:19 EST 2017

doesn't happen regularly.  If someone on your network uses WEBDAV,
please test out this rule.   If there are any false possitives, please
e-mail me.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 \
  (msg:"WEB-MISC webdav propfind access";       \
  content:"<a:propfind"; nocase;                \
  content:"xmlns:a=\"DAV:\">"; nocase;          \
  flags: A+; reference:CVE-2000-0869;)

Brian Caswell
The MITRE Corporation

More information about the Snort-users mailing list