Snort mailing list archives
Re: [Emerging-Sigs] New rule offered for detecting Zimbra conf/localconfig.xml attempt
From: Will Metcalf <william.metcalf () gmail com>
Date: Thu, 16 Jan 2014 16:21:04 -0600
Might be useful for proxied environments? Will get this into QA, thanks.

Regards,

Will

On Wed, Jan 15, 2014 at 3:01 PM, rmkml <rmkml () yahoo fr> wrote:

> Hi,
>
> I'm offering a new rule for detecting Zimbra conf/localconfig.xml attempt.
>
> Warning: Zimbra runs over HTTPS (no problem with etplc).
>
> alert tcp any any -> any $HTTPS_PORTS (msg:"WEB-MISC Zimbra conf/localconfig.xml attempt"; flow:to_server,established; content:"conf/localconfig.xml"; nocase; http_uri; reference:cve,2013-7091; reference:bugtraq,64149; reference:osvdb,100747; reference:exploitdb,30472; reference:cxsecurity,WLB-2013120097; classtype:web-application-attack; sid:1; rev:1; )
>
> Please check all variables before use.
>
> Discovered during my new project http://etplc.org
>
> All comments are welcome.
>
> Regards
> @Rmkml
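Added example (not part of the original thread and not code from the Snort or Emerging Threats projects): Zimbra is served over HTTPS, so the rule's http_uri match only sees requests where the traffic is decrypted, for example at a proxy, and the same case-insensitive URI match can be run over that proxy's access log. The log format, addresses and paths below are constructed, and the bounded repeated percent-decoding is an assumption that goes slightly beyond the rule's own normalization.

```python
import re
from urllib.parse import unquote

NEEDLE = "conf/localconfig.xml"  # content string taken from the rule above

# Request line and status code of a combined-format access log entry
# (assumed log format; adjust for the proxy in use).
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def normalize(uri, max_rounds=3):
    """Percent-decode up to max_rounds times and fold case, approximating
    a normalized URI buffer matched with nocase."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.lower()

def scan(lines):
    """Return (line_number, status) for every request whose normalized
    URI contains the rule's content string."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if m and NEEDLE in normalize(m.group("uri")):
            hits.append((number, int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [15/Jan/2014:21:01:00 +0000] "GET /zimbra/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Jan/2014:21:01:05 +0000] '
    '"GET /example?file=../conf/localconfig.xml HTTP/1.1" 200 4096',
    '192.0.2.11 - - [15/Jan/2014:21:01:06 +0000] '
    '"GET /example?file=..%2FCONF%2FLocalConfig.XML HTTP/1.1" 404 0',
    '192.0.2.11 - - [15/Jan/2014:21:01:07 +0000] '
    '"GET /example?file=..%252Fconf%252Flocalconfig.xml HTTP/1.1" 404 0',
    '192.0.2.12 - - [15/Jan/2014:21:02:00 +0000] '
    '"GET /docs/localconfig.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, status in scan(SAMPLE):
        print(f"line {number}: matched, HTTP status {status}")
```

A hit with a 200 status deserves review first, since it means the server returned content for the request rather than rejecting it.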
Current thread:
- New rule offered for detecting Zimbra conf/localconfig.xml attempt rmkml (Jan 15)
- Re: [Emerging-Sigs] New rule offered for detecting Zimbra conf/localconfig.xml attempt Will Metcalf (Jan 16)