This is an update to the Snort signature that we posted earlier for the recently announced TWiki vulnerability that allows remote code execution:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:\
Note: This is a single line that has been broken to allow for better formatting in the diary. The "\" characters at the end of the lines above show where the line breaks have been added. Many thanks to Joe Esler, Chas Tomlin, Jason Brvenik, Frank Knobbe, and all the folks from Bleeding Edge (you guys rock!).
Sep 19th 2005