alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Vulnerable iTunes Version 10.6.x"; flow:established,to_server; content:"User-Agent|3a| iTunes/10.6."; http_header; pcre:"/^User-Agent\x3a\x20iTunes\/10\.6\.[0-1]/Hm"; flowbits:set,ET.iTunes.vuln; flowbits:noalert; classtype:policy-violation; sid:2014954; rev:8;)

Added 2013-12-09 19:23:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Vulnerable iTunes Version 10.6.x"; flow:established,to_server; content:"User-Agent|3a| iTunes/"; http_header; content:!"10.7"; http_header; within:4; flowbits:set,ET.iTunes.vuln; flowbits:noalert; classtype:policy-violation; sid:2014954; rev:7;)

Added 2013-01-31 21:30:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Vulnerable iTunes Version 10.6.x"; flow:established,to_server; content:"User-Agent|3a| iTunes/"; http_header; content:!"10.7"; http_header; within:4; flowbits:set,ET.iTunes.vuln; classtype:policy-violation; sid:2014954; rev:6;)

Added 2012-09-14 21:29:40 UTC

Unfortunately matches to iTunes 10.8. The update procedure should change to not trigger false alerts with every release.

-- GuH - 11 Dec 2012

On it! We'll get this adjusted.

Thanks

Matt

-- MattJonkman - 12 Dec 2012

False positive on users running version 11.0.1

-- JonH - 30 Jan 2013


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Vulnerable iTunes Version 10.6.x"; flow:established,to_server; content:"User-Agent|3a| iTunes/"; http_header; content:!"10.6.3"; http_header; within:6; flowbits:set,ET.iTunes.vuln; classtype:policy-violation; sid:2014954; rev:4;)

Added 2012-06-26 12:21:16 UTC


Topic revision: r4 - 2013-01-30 - JonH
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats