On 0, JC <monroe@peoplego.com> allegedly wrote:
SID 3466 CVE refrenece is totally off
"reference"
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC
Authorization Basic overflow attempt"; flow:to_server,established;
content:"Authorization|3A|"; nocase; content:"Basic"; distance:0;
nocase; pcre:"/^Authorization\x3a\s*Basic\s[^\n]{200}/smi";
reference:bugtraq,8375; reference:cvs,2003-0727; classtype:web-
application-attack; sid:3466; rev:3;)
should be
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC
Authorization Basic overflow attempt"; flow:to_server,established;
content:"Authorization|3A|"; nocase; content:"Basic"; distance:0;
nocase; pcre:"/^Authorization\x3a\s*Basic\s[^\n]{200}/smi";
reference:bugtraq,8375; reference:cve,2003-0727; classtype:web-
application-attack; sid:3466; rev:3;)
And by totally off you mean the reference:cve, was mistakenly written as
reference:cvs,
ok. Thanks.
+--------------------------------------------------------------------+
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team
I require a window seat and an inflight Happy Meal, and no pickles!
God help you if I find pickles!
-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
