# sid 2002764 rev 5: alerts on a request whose Host header has an over-long
# value after the host/port colon (references: CVE-2005-4085, Bugtraq 16147).
# - flow:established,to_server limits matching to the client-to-server side of an
#   established TCP session towards $HOME_NET on $HTTP_PORTS.
# - content:"Host\:"; nocase; within:500 is the fast pre-filter for a case-insensitive "Host:".
#   NOTE(review): with no earlier content match, within:500 presumably bounds it to the
#   start of the payload; confirm for your engine version.
# - pcre: a line beginning "Host:", then either no scheme or an http/https/ftp scheme
#   (so the scheme's own colon is not taken for the port separator), then text up to the
#   next ':', then at least 7 non-newline bytes. A valid port has at most 5 digits, so
#   7 or more is presumably what the author treats as an overflow attempt.
# Triage and tuning caveats:
# - [^\n]{7} accepts any byte, not only digits, so any Host value with 7+ characters after
#   its first colon matches, e.g. a bracketed IPv6 literal
#   (constructed example: "Host: [2001:db8::1]:80").
# - The pcre carries no relative (R) modifier, so it is evaluated on the payload
#   independently of where the content match landed.
# - classtype is bad-unknown; alert priority follows that class, not an exploit-attempt class.
# - NOTE(review): the line break and the "?" inside msg look like wiki rendering
#   artifacts; compare with the distributed rule file before loading this text.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2002764; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_WinProxy; sid:2002764; rev:5;)
Added 2009-02-07 22:00:26 UTC
False positive (FP): this rule fires on Cisco Soft Phone activity; see pcap.
--
RickChisholm - 09 Feb 2009
# History entry for sid 2002764 rev 5 (same sid and rev as the rule at the top of this page).
# Alerts on a "Host:" header line in client-to-server HTTP traffic where at least 7
# non-newline bytes follow the colon after the host part (CVE-2005-4085, Bugtraq 16147).
# The 7 bytes may be any characters, not only digits, so non-attack Host values with a
# long tail after the first colon also match; a false positive is reported on this page.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2002764; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_WinProxy; sid:2002764; rev:5;)
Added 2009-02-07 22:00:26 UTC
# Historical rev 4 of sid 2002764: alerts on a "Host:" header line, sent client-to-server
# on $HTTP_PORTS, with at least 7 non-newline bytes after the host/port colon
# (CVE-2005-4085, Bugtraq 16147).
# Header, content and pcre are the same as in the rev 5 text on this page; rev 4 has no
# reference:url options, so only the cve and bugtraq references are attached to the alert.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:4;)
Added 2008-01-25 10:56:38 UTC
# Second history entry for sid 2002764 rev 4 (the page lists this revision twice).
# Matches a "Host:" header line whose value has 7 or more non-newline bytes after the
# colon that follows the host part; the optional http/https/ftp scheme is consumed first
# so its colon is not counted as the port separator.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:4;)
Added 2008-01-25 10:56:38 UTC
# Historical rev 3 of sid 2002764, published with the "BLEEDING-EDGE EXPLOIT" msg prefix.
# Alerts on a client-to-server "Host:" header line with at least 7 non-newline bytes after
# the host/port colon (CVE-2005-4085, Bugtraq 16147).
# Detection options are the same as in the rev 4 text on this page; only the msg prefix and
# rev differ, so alert counts keyed on sid stay comparable across these revisions.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE EXPLOIT
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )
Added 2007-10-27 10:16:07 UTC
# Second history entry for sid 2002764 rev 3 with the "BLEEDING-EDGE EXPLOIT" msg prefix
# (the page lists it twice).
# Matches a "Host:" header line followed, after the colon that ends the host part, by 7 or
# more bytes other than newline; the bytes are not restricted to digits.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE EXPLOIT
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )
Added 2007-10-27 10:16:07 UTC
# Oldest entry on this page for sid 2002764: rev 3 under the "BLEEDING-EDGE WEB MISC" msg
# prefix. The page also lists rev 3 with the "BLEEDING-EDGE EXPLOIT" prefix, so the same
# sid and rev appear with two msg strings; match archived alerts on sid, not on msg text.
# Alerts on a client-to-server "Host:" header line with at least 7 non-newline bytes after
# the host/port colon (CVE-2005-4085, Bugtraq 16147).
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE WEB MISC
WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )