alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/goform/formLogin"; nocase; http_uri; content:"Login="; nocase; http_client_body; content:!"|0A|"; http_client_body; within:300; isdataat:300,relative; pcre:"/Login=[^\r\n]{300}/Pi"; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; classtype:web-application-attack; sid:2010699; rev:6;)

Added 2012-04-23 23:04:27 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/goform/formLogin"; nocase; http_uri; content:"Login="; nocase; content:!"|0A|"; within:300; isdataat:300,relative; pcre:"/\x2Fgoform\x2FformLogin.+Login=.{300}/smi"; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; classtype:web-application-attack; sid:2010699; rev:4;)

Added 2011-10-12 19:30:21 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/goform/formLogin"; nocase; http_uri; content:"Login="; nocase; content:!"|0A|"; within:300; isdataat:300,relative; pcre:"/\x2Fgoform\x2FformLogin.+Login=.{300}/smi"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; sid:2010699; rev:4;)

Added 2011-09-14 22:43:33 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/goform/formLogin"; nocase; http_uri; content:"Login="; nocase; content:!"|0A|"; within:300; isdataat:300,relative; pcre:"/\x2Fgoform\x2FformLogin.+Login=.{300}/smi"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_HP_Power_Manager; sid:2010699; rev:4;)

Added 2011-02-04 17:30:19 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST "; depth:5; nocase; uricontent:"/goform/formLogin"; nocase; content:"Login="; nocase; content:!"|0A|"; within:300; isdataat:300,relative; pcre:"/\x2Fgoform\x2FformLogin.+Login=.{300}/smi"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_HP_Power_Manager; sid:2010699; rev:3;)

Added 2010-03-15 11:00:48 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST "; depth:5; nocase; uricontent:"/goform/formLogin"; nocase; content:"Login="; nocase; content:!"|0A|"; within:300; isdataat:300,relative; pcre:"/\x2Fgoform\x2FformLogin.+Login=.{300}/smi"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_HP_Power_Manager; sid:2010699; rev:3;)

Added 2010-03-15 11:00:48 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"; flow:established,to_server; content:"POST "; depth:5; nocase; uricontent:"/goform/formLogin"; nocase; content:"LoginButton="; nocase; content:"Login="; nocase; within:30; content:!"|0A|"; within:300; isdataat:300,relative; pcre:"/\x2Fgoform\x2FformLogin.+LoginButton=.+Login=.{300}/smi"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/36933; reference:cve,2009-2685; reference:url,doc.emergingthreats.net/2010699; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_HP_Power_Manager; sid:2010699; rev:2;)

Added 2010-01-21 11:13:20 UTC


Topic revision: r1 - 2012-04-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats