📄 119-8.txt
字号:
Rule: --Sid: 119-8-- Summary: This event is generated when the pre-processor http_inspectdetects network traffic that may constitute an attack.-- Impact: Unknown. This may be an attempt to evade an IDS.--Detailed Information:This event is generated when the pre-processor http_inspect detects webrequests that incorporate multiple concurrent "/" characters.This may be an attempt to obfuscate an attack and may also indicate anattempt to evade an IDS.--Affected Systems: All web servers.--Attack Scenarios: An attacker can add multiple "/" characters to a request like this.GET http://www.victim.com////////////////vulnerable/application.dll-- Ease of Attack: Simple.-- False Positives:None Known.--False Negatives:None Known.-- Corrective Action:Check the target host for signs of compromise.Apply any appropriate vendor supplied patches.--Contributors:Daniel Roelker <droelker@sourcefire.com> Sourcefire Vulnerability Research TeamNigel Houghton <nigel.houghton@sourcefire.com>-- Additional References:HTTP IDS Evasions Revisited - Daniel Roelkerhttp://docs.idsresearch.org/http_ids_evasions.pdf--⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -