#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack"; flow:established,to_server; content:"Content-Type|3A| application|2F|x-www-form-urlencoded"; nocase; http_header; isdataat:1500; pcre:"/([\w\x25]+=[\w\x25]*&){500}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014045; rev:2;)

Added 2012-01-06 16:36:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack"; flow:established,to_server; content:"Content-Type|3A| application|2F|x-www-form-urlencoded"; nocase; http_header; isdataat:1500; pcre:"/([\w\x25]+=[\w\x25]*&){500}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014045; rev:2;)

Added 2011-12-30 19:58:59 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack"; flow:established,to_server; content:"Content-Type|3A| application|2F|x-www-form-urlencoded"; nocase; http_header; isdataat:1500; pcre:"/([\w\x25]+=[\w\x25]*&){500}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014045; rev:2;)

Added 2011-12-30 19:24:09 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Generic Web Server Hashing Collision Attack"; flow:established,to_server; content:"Content-Type|3A| application|2F|x-www-form-urlencoded"; nocase; http_header; isdataat:1500; pcre:"/([\w\x25]+=[\w\x25]*&){500}/OPsmi"; reference:cve,2011-3414; reference:url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html; reference:url,technet.microsoft.com/en-us/security/advisory/2659883; reference:url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx; classtype:attempted-dos; sid:2014045; rev:2;)

Added 2011-12-30 18:03:32 UTC


Topic revision: r1 - 2012-01-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats