Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet

From: "Russ Combs \(rucombs\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 19 Dec 2019 11:58:24 +0000
Thanks.  Redirecting to snort-sigs.

From: 'Rajendra Prasad Palnaty' via Bugs <bugs () sourcefire com>
Reply-To: Rajendra Prasad Palnaty <rajendra () netskope com>
Date: Thursday, December 19, 2019 at 6:49 AM
To: "bugs () snort org" <bugs () snort org>
Subject: sid:34475; rev:3; This signature is trying to inspect HTTP request URI on HTTP Response packet

Hi,

Bug Details:
The below signature is written to inspect HTTP URI on HTTP Response packet, which is not possible or never occur. Could 
you please provide correct signature for this vulnerability.

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"SERVER-WEBAPP Wordpress username enumeration attempt"; 
flow:to_client,established,only_stream; content:"?author="; fast_pattern:only; nocase; http_uri; detection_filter:track 
by_src,count 100, seconds 2; metadata:policy max-detect-ips drop, service http; 
reference:url,www.acunetix.com/blog/web-security-zone/wordpress-username-enumeration-using-http-fuzzer/;<http://www.acunetix.com/blog/web-security-zone/wordpress-username-enumeration-using-http-fuzzer/;>
 classtype:attempted-recon; sid:34475; rev:3;)

Thanks
Rajendra

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: