EmergingThreats> Main Web>2002764 (revision 1)EditAttach

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2002764; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_WinProxy; sid:2002764; rev:5;)

Added 2009-02-07 22:00:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2002764; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_WinProxy; sid:2002764; rev:5;)

Added 2009-02-07 22:00:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:4;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:4;)

Added 2008-01-25 10:56:38 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )

Added 2007-10-27 10:16:07 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE EXPLOIT WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )

Added 2007-10-27 10:16:07 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE WEB MISC WinProxy? Host port buffer overflow"; flow:established,to_server; content:"Host\:"; nocase; within:500; pcre:"/\nHost\:\s*((?!\s*https?\:|\s*ftp\:)|https?\:|ftp\:)[^\n\:]*\:[^\n]{7}/i"; reference:cve,2005-4085; reference:bugtraq,16147; classtype:bad-unknown; sid:2002764; rev:3; )



Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2009-02-09 - RickChisholm
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats