Feature #255
closed
http-method
Description
http-method
Example:
[9838] 20/12/2010 -- 11:50:19 - (detect-http-method.c:184) <Warning> (DetectHttpMethodSetup) -- [ERRCODE: SC_WARN_COMPATIBILITY(159)] - http_method cannot be used with "fast_pattern" currently.Unsetting fast_pattern on this modifier. Signature ==> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC Sun Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method"; flow:to_server,established; content:"LOCK"; fast_pattern; nocase; http_method; content:"encoding"; pcre:"/\<\?xml[^\>]+encoding\s*\=\s*(\'|\")[^\'\"\>\%]*\%/"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,37910; reference:cve,2010-0388; classtype:attempted-user; sid:16427; rev:1;)
Updated by Anoop Saldanha almost 14 years ago
We will be introducing fast_pattern support for http_method in a couple of days.
Updated by Victor Julien almost 14 years ago
- Due date set to 12/09/2011
- Status changed from New to Assigned
- Assignee set to Anoop Saldanha
- Target version set to 1.1beta2
- Estimated time set to 0.00 h
Adding no hours as it will be part of a task.
Updated by Victor Julien almost 14 years ago
- Due date changed from 12/09/2011 to 01/07/2011
Whoops wrong date :)
Updated by Victor Julien almost 14 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Support for this is in our tree currently.