#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack 2"; flow:established,to_server; content:"Content-Type|3A| multipart/form-data"; nocase; http_header; isdataat:5000; pcre:"/(\r\nContent-Disposition\x3a\s+form-data\x3b[^\r\n]+\r\n\r\n.+?){250}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014046; rev:2;)

Added 2012-08-17 16:40:59 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack 2"; flow:established,to_server; content:"Content-Type|3A| multipart/form-data"; nocase; http_header; isdataat:5000; pcre:"/(\r\nContent-Disposition\x3a\s+form-data\x3b[^\r\n]+\r\n\r\n.+?){250}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014046; rev:2;)

Added 2011-12-30 19:58:59 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack 2"; flow:established,to_server; content:"Content-Type|3A| multipart/form-data"; nocase; http_header; isdataat:5000; pcre:"/(\r\nContent-Disposition\x3a\s+form-data\x3b[^\r\n]+\r\n\r\n.+?){250}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014046; rev:2;)

Added 2011-12-30 19:24:09 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack 2"; flow:established,to_server; content:"Content-Type|3A| multipart/form-data"; nocase; http_header; isdataat:5000; pcre:"/(\r\nContent-Disposition\x3a\s+form-data\x3b[^\r\n]+\r\n\r\n.+?){250}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014046; rev:2;)

Added 2011-12-30 18:03:33 UTC


Topic revision: r1 - 2012-08-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats