2149.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid: 2149


--
Summary:
This event is generated when an attempt is made to exploit a weakness in a php application. 

--
Impact:
Information gathering.

--
Detailed Information:
This event indicates that an attempt has been made to exploit potential weaknesses in php applications.

The Turba of Horde PHP application allows a user to request the status.php file which may disclose valuable information about the host and the application.

The attacker may be trying to gain information on the php implementation on the host, this may be the prelude to an attack against that host using that information.

--
Affected Systems:
Any host using Turba of Horde php application.

--
Attack Scenarios:
An attacker can retrieve a sensitive file containing information on the php application on the host. The attacker might then gain administrator access to the site or database.

--
Ease of Attack:
Simple.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Check the php implementation on the host. Ensure all measures have been taken to deny access to sensitive files.

Check the host for signs of compromise.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:


--