alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; reference:url,doc.emergingthreats.net/2004115; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_IIS_Auth_Bypass; sid:2004115; rev:5;)
Added 2009-02-16 21:30:25 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; reference:url,doc.emergingthreats.net/2004115; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_IIS_Auth_Bypass; sid:2004115; rev:5;)
Added 2009-02-16 21:30:25 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:4;)
Added 2008-05-18 19:52:12 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:4;)
Added 2008-05-18 19:52:12 UTC
alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:3;)
Added 2008-01-25 09:49:34 UTC
alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:3;)
Added 2008-01-25 09:49:34 UTC
alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT EVENTS MS IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:2;)
Added 2008-01-09 20:38:27 UTC
alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT_EVENTS MS IIS Auth Bypass Attempt"; flow:established,to_server; uricontent:"Webhitsfile="; uricontent:"CiRestriction="; uricontent:"CiHiliteType=full"; classtype:attempted-admin; reference:url,support.microsoft.com/kb/328832; sid:2004115; rev:1;)
Added 2007-06-03 11:31:57 UTC