This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000315-100000316.
The first rule detects HTTP PUT requests, and sets the http.put flowbit;
the second rule checks this flowbit and then detects an HTTP 200
OK-style response. These rules are intended to alert administrators to
successful, unauthorized PUT requests, which are often used to deface
improperly configured web servers. Due to the fact that many legitimate
applications use HTTP PUT requests, these rules are disabled by default;
users who are considering enabling them should first read the included
rule documentation.
Additionally, classtypes have been added to all rules which previously
lacked them, as several users had reported problems with rules that had
no classtype.
Sourcefire would like to thank David Bianco for submitting the new
rules. As a reminder, anyone who wishes to submit rules may do so at
http://www.snort.org/reg-bin/rulesubmit.cgi.
A list of modified rules and their SIDs follows.
Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.
100000315 || COMMUNITY WEB-MISC HTTP PUT Request
100000316 || COMMUNITY WEB-MISC HTTP PUT Request Successful
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
