Snort mailing list archives
Re: 34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet
From: "Russ Combs \(rucombs\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 19 Dec 2019 11:58:24 +0000
Thanks. Redirecting to snort-sigs. From: 'Rajendra Prasad Palnaty' via Bugs <bugs () sourcefire com> Reply-To: Rajendra Prasad Palnaty <rajendra () netskope com> Date: Thursday, December 19, 2019 at 6:49 AM To: "bugs () snort org" <bugs () snort org> Subject: sid:34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet Hi, Bug Details: The below signature is written to inspect HTTP URI on HTTP Response packet, which is not possible or never occur. Could you please provide correct signature for this vulnerability. alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"SERVER-WEBAPP Wordpress username enumeration attempt"; flow:to_client,established,only_stream; content:"?author="; fast_pattern:only; nocase; http_uri; detection_filter:track by_src,count 100, seconds 2; metadata:policy max-detect-ips drop, service http; reference:url,www.acunetix.com/blog/web-security-zone/wordpress-username-enumeration-using-http-fuzzer/;<http://www.acunetix.com/blog/web-security-zone/wordpress-username-enumeration-using-http-fuzzer/;> classtype:attempted-recon; sid:34475; rev:3;) Thanks Rajendra
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Re: 34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet Russ Combs (rucombs) via Snort-sigs (Dec 19)
- Re: 34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet Alex McDonnell (Dec 19)