Snort mailing list archives

Re: Meaning of exploit logs


From: Chris Green <cmg () uab edu>
Date: 12 Jun 2001 19:09:49 -0500

"Jason Oakley" <JOakley () orange net au> writes:

> Hi.
>
> Where can I find the exact descriptions for, e.g. "WEB-CGI redirect
> access".  Is there a central storage location? It would be handy if
> there was because probably not every security website would call the
> exploit/vulnerability the same thing.  I've done searches to try and
> find out what the above means and so far (after looking on many sites
> and about 10 search engines) have turned up not much at all.


Snort CVS helps with this a great deal by having helpful reference
tags. Having a checkout on hand is worth it even if you are just
poking to see what is up with the rulesets that Brian has been
actively cleaning up.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-CGI redirect access";flags: A+; uricontent:"/redirect"; nocase;reference:bugtraq,1179; classtype:attempted-recon;)

Note the reference:

bugtraq 1179

maps to

http://www.securityfocus.com/bid/1179

sp_reference.h will give you the list of what references map to what
URLs.
-- 
Chris Green <cmg () uab edu>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod
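
Added example, not part of the original post and not Snort's own code: a small Python parser that pulls the msg and reference options out of a rule and resolves each reference to a URL, as the reply describes. Only the bugtraq mapping given in the post is included; the function names are assumptions, and any other reference system is reported as unresolved.

```python
import re

# Only the mapping stated in the post is listed here; sp_reference.h in the
# Snort source holds the full list. Unknown systems are left unresolved.
REFERENCE_URLS = {"bugtraq": "http://www.securityfocus.com/bid/"}

# The rule quoted in the post, joined onto one line.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 '
    '(msg:"WEB-CGI redirect access";flags: A+; uricontent:"/redirect"; '
    'nocase;reference:bugtraq,1179; classtype:attempted-recon;)'
)

# One option = everything up to a ';' that is not inside double quotes and
# not backslash-escaped, so a ';' inside msg does not split the option.
OPTION_RE = re.compile(r'((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+);')


def parse_options(rule):
    """Return the rule's options as (keyword, value) pairs, in order."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end < start:
        raise ValueError("rule has no option block")
    options = []
    for raw in OPTION_RE.findall(rule[start + 1:end]):
        keyword, _, value = raw.strip().partition(":")
        if keyword:
            options.append((keyword.strip().lower(), value.strip()))
    return options


def describe(rule):
    """Return (msg, [(system, id, url_or_None), ...]) for one rule."""
    msg, refs = None, []
    for keyword, value in parse_options(rule):
        if keyword == "msg":
            msg = value.strip('"')
        elif keyword == "reference":
            system, _, ref_id = value.partition(",")
            system, ref_id = system.strip().lower(), ref_id.strip()
            base = REFERENCE_URLS.get(system)
            refs.append((system, ref_id, base + ref_id if base else None))
    return msg, refs


if __name__ == "__main__":
    message, references = describe(SAMPLE_RULE)
    print(message)
    for system, ref_id, url in references:
        print(f"  {system} {ref_id} -> {url or 'no URL mapping known'}")
```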
