Bug #737: reference parsing - rules - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #737

closed

reference parsing - rules

Added by Peter Manev over 11 years ago. Updated about 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Anoop Saldanha

Target version:

1.4.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

[9898] 28/1/2013 -- 14:47:39 - (detect-reference.c:128) <Error> (DetectReferenceParse) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string nikto-scans

[9898] 28/1/2013 -- 14:47:39 - (detect.c:348) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any -> any any (msg:"HTTP requests tests - sid 8000001 , pcap - 8000001 ";   content:"GET"; http_method; content:"/cgi-bin/cart32.exe"; http_uri; uricontent:"/cgi-bin/cart32.exe";   reference:nikto-scans; sid:8000001; rev:1;)" from file /root/Work/Python/Scripts/test45/8000001.rules at line 1

notice the wrong use of
reference:nikto-scans;
instead of
reference:url, www.webaddress.com;

the output err says:
[ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string nikto-scans
but that is misleading - it is not a pcre expression.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #737

reference parsing - rules

Updated by Victor Julien about 11 years ago

Updated by Anoop Saldanha about 11 years ago

Updated by Anoop Saldanha about 11 years ago

Updated by Victor Julien about 11 years ago