Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

[Snort-users] another content

From: <Aditya(at)directnet.com.br>
Date: Thu Feb 27 2003 - 09:21:14 EST

Hi freinds
Are the content options sequantial to?
like the uricontent opton??
or no?

Aditya

>Do uricontent's get checked in sequentially like content options? In particular sid 1072 has two >uricontent options. According to most of the advisories these two uricontents need to appear in the >order they are defined ie "GET /.nsf/../somefile". However I am receiving alerts for URI >like "GET /../prog.nsf/data/file". Is this expected behaviour?

>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Lotus Domino directory >traversal"; uricontent:".nsf/"; uricontent:"../"; nocase; flow:t>o_server,established; >reference:cve,CVE-2001-0009; reference:bugtraq,2173; classtype:web-application-attack; sid:1072; >rev:6;)

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Thu Feb 27 10:04:08 2003

This message: [ Message body ]
Next message: David E. Gianndrea: "[Snort-users] Anybody been seeing this / What is it."
Previous message: Read, Andrew: "[Snort-users] Snortcenter + Acid + MySQL + $portscan_file"
In reply to Lawrence Reed: "[Snort-users] Another uricontent question"
Reply: Chris Green: "Re: [Snort-users] Another uricontent question"
Reply: Chris Green: "Re: [Snort-users] Another uricontent question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:55 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library