Snort mailing list archives

Previous By Date Next
Previous By Thread Next

mods to sid:15477 makes it so it can be trivially bypassed?

From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 12 May 2010 20:11:32 -0500
Unless WebLogic doesn't support encodings I think the modifications
you have made to sid:15477 in the snort-2.8.6 rules make it so that
the rule can be trivially bypassed as using a
uricontent/isdataat,relative combo will always fail in the face of an
encoded uri even in 2.8.6.

Regards,

Will

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: