Snort mailing list archives

Previous By Date Next
Previous By Thread Next

WEB-MISC prefix-get //

From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Thu, 13 Sep 2001 17:23:30 -0400


I'm using Snort 1.8.1 b78 on Red Hat Linux 7.0. I see a lot of these alerts
in my snort logs:

WEB-MISC prefix-get // 

When I look at the traces on the packets, it appears that someone just
basically put two slashes after the .com and before the rest of the URL.

I tried this on some valid URLs and if I use one slash or two slashes, it
seems to work either way. Does anyone know anything about this vulnerability
and what exploits are available etc? I can't seem to find any info on
it.....


Thanks


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: