
snort-1.8.3-4mdk.i586.rpm

# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: web-misc.rules,v 1.43 2001/11/28 22:00:51 cazz Exp $
#---------------
# WEB-MISC RULES
#---------------

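# Signatures for named product flaws (Cisco IOS HTTP, Netscape Enterprise,
# iPlanet, technote, ads.cgi, WebLogic, Tomcat). Every rule matches traffic
# from $EXTERNAL_NET to $HTTP_SERVERS on TCP port 80 only, so HTTP services
# on other ports are not covered.
# uricontent is matched against the request URI; content against the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Cisco IOS HTTP configuration attempt"; uricontent:"/level/"; uricontent:"/exec/"; flags:A+; classtype:web-application-attack; reference:bugtraq,2936; sid:1250; rev:2;)
# offset:0 plus depth:N confines the content match to the first N payload
# bytes, i.e. the request method at the very start of the packet.
# Local correction: "REVLOG / " is 9 bytes long, so depth must be at least 9
# for the pattern to fit. The shipped rule had depth:7, which leaves no room
# for the full pattern.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Netscape Enterprise DOS"; content:"REVLOG / "; offset:0; depth:9; flags:A+; reference:cve,CAN-2001-0251; reference:bugtraq,2294; classtype:web-application-attack; sid:1047; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Netscape Enterprise directory listing attempt"; content:"INDEX "; offset:0; depth:6; flags:A+; reference:cve,CAN-2001-0250; reference:bugtraq,2285; classtype:web-application-attack; sid:1048; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC iPlanet ../../ DOS attempt"; content:"GET "; offset:0; depth:4; uricontent:"/../../../../../../../../../../../"; flags:A+; classtype:web-application-attack; sid:1049; rev:2;)
# NOTE(review): sid 1050 carries no flags option, unlike its neighbours, so
# the TCP flag state is not checked for this rule. Confirm that is intended.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC iPlanet GETPROPERTIES attempt"; content:"GETPROPERTIES"; offset:0; depth:13; classtype:web-application-attack; sid:1050; rev:2;)
# The CGI rules below require every listed pattern in the same packet: the
# script path in the URI, the parameter name, and a "../../" sequence.
# sid 1051 and sid 1052 cite the same CVE number with different prefixes
# (CVE- and CAN-).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC technote main.cgi file directory traversal attempt"; flags:A+; uricontent:"/technote/main.cgi"; nocase; content:"filename="; nocase; content:"../../"; reference:cve,CVE-2001-0075; reference:bugtraq,2156; classtype:web-application-attack; sid:1051; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC technote print.cgi directory traversal attempt"; flags:A+; uricontent:"/technote/print.cgi"; nocase; content:"board="; nocase; content:"../../"; content:"%00"; reference:cve,CAN-2001-0075; reference:bugtraq,2156; classtype:web-application-attack; sid:1052; rev:2;)
# "\|" is an escaped literal pipe; an unescaped | would open a hex byte string.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ads.cgi command execution attempt"; flags:A+; uricontent:"/ads.cgi"; nocase; content:"file="; nocase; content:"../../"; content:"\|"; reference:cve,CAN-2001-0025; reference:bugtraq,2103; classtype:web-application-attack; sid:1053; rev:3;)
# These three match single encoded URI fragments and have no nocase option,
# so the match is case-sensitive as written.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC weblogic view source attempt"; flags:A+; uricontent:".js%70"; reference:bugtraq,2527; classtype:web-application-attack; sid:1054; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat directory traversal attempt"; flags:A+; uricontent:"%00.jsp"; reference:bugtraq,2518;  classtype:web-application-attack; sid:1055; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat view source attempt"; flags:A+; uricontent:"%252ejsp"; reference:bugtraq,2527; classtype:web-application-attack; sid:1056; rev:2;)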
# Generic keyword matches: Windows command-line tool names and xp_* stored
# procedure names. Each rule uses content with nocase and no URI anchoring,
# so the string anywhere in a port-80 packet to $HTTP_SERVERS raises the
# alert, whether it sits in the URI, a header or the request body.
# Tuning notes:
#  - "ftp.exe" is a substring of "tftp.exe" and "net.exe" is a substring of
#    "telnet.exe", so sid 1057 fires together with sid 1068 and sid 1067
#    together with sid 1066 on the same packet.
#  - None of these carry a reference; triage has to start from the payload.
#  - xp_regread (sid 1069) is classed web-application-activity while the
#    other xp_* rules are web-application-attack.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ftp attempt";flags: A+; content:"ftp.exe"; nocase; classtype:web-application-activity; sid:1057; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC enumdsn attempt";flags: A+; content:"xp_enumdsn"; nocase; classtype:web-application-attack; sid:1058; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC filelist attempt";flags: A+; content:"xp_filelist"; nocase; classtype:web-application-attack; sid:1059; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC availablemedia attempt";flags: A+; content:"xp_availablemedia"; nocase; classtype:web-application-attack; sid:1060; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cmdshell attempt";flags: A+; content:"xp_cmdshell"; nocase; classtype:web-application-attack; sid:1061; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC nc.exe attempt";flags: A+; content:"nc.exe"; nocase; classtype:web-application-activity; sid:1062; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC wsh attempt";flags: A+; content:"wsh.exe"; nocase; classtype:web-application-activity; sid:1064; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC rcmd attempt";flags: A+; content:"rcmd.exe"; nocase; classtype:web-application-activity; sid:1065; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC telnet attempt";flags: A+; content:"telnet.exe"; nocase; classtype:web-application-activity; sid:1066; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC net attempt";flags: A+; content:"net.exe"; nocase; classtype:web-application-activity; sid:1067; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tftp attempt";flags: A+; content:"tftp.exe"; nocase; classtype:web-application-activity; sid:1068; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC regread attempt";flags: A+; content:"xp_regread"; nocase; classtype:web-application-activity; sid:1069; rev:2;)
# WebDAV methods, credential files, sample scripts and servlet-engine rules.
# sid 1070 looks for "SEARCH " within the first 8 payload bytes (depth: 8),
# case-insensitively, so it alerts on use of the method itself.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webdav search access"; flags: A+; content: "SEARCH "; depth: 8; nocase;reference:arachnids,474; classtype:web-application-activity; sid:1070; rev:2;)
# .htpasswd here is web-application-attack; the .htaccess rule (sid 1129)
# elsewhere in this file is attempted-recon.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .htpasswd access"; flags:A+; content:".htpasswd"; nocase; classtype:web-application-attack; sid:1071; rev:2;)
# Both uricontent patterns must be present; no order between them is stated.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Lotus Domino directory traversal"; uricontent:".nsf/"; uricontent:"../"; nocase; flags:A+; classtype:web-application-attack; sid:1072; rev:2;)
# Access-only rules: any request for these script paths alerts, whatever the
# parameters are.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webhits.exe access";flags: A+; uricontent:"/scripts/samples/search/webhits.exe"; nocase; classtype:web-application-activity; sid:1073; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC postinfo.asp access";flags: A+; uricontent:"/scripts/postinfo.asp"; nocase; classtype:web-application-activity; sid:1075; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC repost.asp access";flags: A+; uricontent:"/scripts/repost.asp"; nocase; classtype:web-application-activity; sid:1076; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC queryhit.htm access";flags: A+; uricontent:"/samples/search/queryhit.htm"; nocase; classtype:web-application-activity; sid:1077; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC counter.exe access";flags: A+; uricontent:"/scripts/counter.exe"; nocase; reference:bugtraq,267; classtype:web-application-activity; sid:1078; rev:2;)
# "\:" and "\"" are escapes for a literal colon and double quote inside the
# content string. Both XML fragments must appear in the same packet.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webdav propfind access"; content:"<a\:propfind"; nocase; content:"xmlns\:a=\"DAV\">"; nocase; flags: A+; reference:cve,CVE-2000-0869; classtype:web-application-activity; sid:1079; rev:3;)
# NOTE(review): sid 1080 and sid 1081 cite the same bugtraq id (1868) for two
# different products. Confirm which reference is correct.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC unify eWave ServletExec upload"; content:"(com.unify.servletexec.UploadServlet"; nocase; flags:a+; classtype:web-application-attack; sid:1080; rev:3; reference:bugtraq,1868;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape servers suite DOS"; flags: A+; uricontent:"/dsgw/bin/search?context="; nocase; classtype:web-application-attack; sid:1081; rev:3; reference:bugtraq,1868;)
# Matches one URL-encoded literal (ref<script language="Javascript); other
# encodings or spellings of the same markup are outside this pattern.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC amazon 1-click cookie theft"; flags: A+; content:"ref%3Cscript%20language%3D%22Javascript"; nocase; classtype:web-application-attack; sid:1082; rev:4; reference:bugtraq,1194; reference:cve,CVE-2000-0439;)
# msg says DOS, but the pattern is only the servlet path, case-sensitive, so
# every request to /servlet/ServletExec alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC unify eWave ServletExec DOS"; flags: A+; uricontent:"/servlet/ServletExec"; classtype:web-application-activity; sid:1083; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Allaire JRUN DOS attempt"; flags: A+; content:"servlet/......."; nocase; classtype:web-application-attack; sid:1084; rev:3; reference:bugtraq,2337;)
# Two rules share the msg "WEB-MISC PHP strings overflow": sid 1085 matches a
# fixed byte sequence (the |..| hex string) and sid 1086 a literal query
# string. Use the sid, not the msg, to tell their alerts apart.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PHP strings overflow"; flags: A+; content: "|ba49feffff f7d2 b9bfffffff f7d1|"; reference:bugtraq,802; reference:arachnids,431; classtype:web-application-attack; sid:1085; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PHP strings overflow"; flags: A+; content: "?STRENGUR ";reference:arachnids,430; classtype:web-application-attack; sid:1086; rev:2;)
# CGI directory-traversal rules: script path in the URI plus a "../"
# parameter value in the payload. None use nocase, so matching is
# case-sensitive. sid 1088 and sid 1094 both cover /web_store.cgi with
# page=../ and can fire on the same request.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC eXtropia webstore directory traversal"; flags: A+; uricontent:"/web_store.cgi"; content:"page=../"; reference:bugtraq,1774; classtype:web-application-attack; sid:1088; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC shopping cart directory traversal"; flags: A+; uricontent:"/shop.cgi"; content:"page=../"; reference:bugtraq,1777; classtype:web-application-attack; sid:1089; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Allaire Pro Web Shell attempt"; flags: A+; uricontent:"/authenticate.cgi?PASSWORD"; content:"config.ini"; classtype:web-application-attack; sid:1090; rev:2;)
# Pattern is ten consecutive question marks in the URI.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ICQ Webfront HTTP DOS"; flags: A+; uricontent:"??????????"; classtype:web-application-attack; sid:1091; rev:3;)
# NOTE(review): "catigory" is spelled this way in the rule; presumably it
# mirrors the target application's parameter name. Verify before "fixing".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Armada Style Master Index directory traversal"; flags: A+; uricontent:"/search.cgi?keys"; content:"catigory=../"; classtype:web-application-attack; sid:1092; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC moreover shopping cart directory traversal"; flags: A+; uricontent:"/cached_feed.cgi"; content:"../"; reference:bugtraq,1762; classtype:web-application-attack; sid:1093; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webstore directory traversal"; uricontent:"/web_store.cgi?page=../.."; flags:A+; classtype:web-application-attack; sid:1094; rev:2;)
# Talentsoft Web+ rules: sid 1095 and sid 1096 match /webplus.exe, sid 1097
# matches /webplus.cgi. All three are case-sensitive as written.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Talentsoft Web+ Source Code view access";flags: A+; uricontent:"/webplus.exe?script=test.wml";reference:bugtraq,1722; classtype:web-application-attack; sid:1095; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Talentsoft Web+ internal IP Address access";flags: A+; uricontent:"/webplus.exe?about";reference:bugtraq,1720; classtype:web-application-activity; sid:1096; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Talentsoft Web+ exploit attempt"; flags: A+; uricontent:"/webplus.cgi?Script=/webplus/webping/webping.wml"; reference:bugtraq,1725; classtype:web-application-attack; sid:1097; rev:1;)
# Alerts on a request for the shopping-cart database file path.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SmartWin CyberOffice Shopping Cart access";flags: A+; uricontent:"_private/shopping_cart.mdb"; reference:bugtraq,1734; classtype:web-application-attack; sid:1098; rev:2;)
# Scanner fingerprints. These identify a tool by a fixed URI fragment or an
# exact User-Agent header (|3a| is ":" and |0d0a| is CRLF), so they report
# that a scan is running rather than that a specific flaw was targeted.
# A scanner configured with a different User-Agent or probe path will not
# match; treat absence of these alerts as no evidence either way.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cybercop scan";flags: A+; uricontent:"/cybercop"; nocase; reference:arachnids,374; classtype:web-application-activity; sid:1099; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC L3retriever HTTP Probe"; content: "User-Agent|3a| Java1.2.1|0d0a|"; flags: A+;reference:arachnids,310; classtype:web-application-activity; sid:1100; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Webtrends HTTP probe"; content: "User-Agent|3a| Webtrends Security Analyzer|0d0a|"; flags: A+;reference:arachnids,309; classtype:web-application-activity; sid:1101; rev:2;)
# NOTE(review): depth normally qualifies a content match; here it follows
# uricontent. Confirm how this Snort version applies it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Nessus 404 probe"; flags: A+; uricontent: "/nessus_is_probing_you_"; depth: 32;reference:arachnids,301; classtype:web-application-activity; sid:1102; rev:2;)
# Access and reconnaissance rules. Most are classed attempted-recon and
# alert on any request that names the listed path or string, so they show
# interest in a resource, not a successful compromise.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape admin passwd"; flags: A+; uricontent:"/admin-serv/config/admpw"; nocase;reference:bugtraq,1579; classtype:web-application-attack; sid:1103; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC BigBrother access"; flags: A+; uricontent:"/bb-hostsvc.sh?HOSTSVC"; nocase; classtype:attempted-recon; sid:1105; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Poll-it access"; flags: A+; uricontent:"/pollit/Poll_It_SSI_v2.0.cgi"; nocase; reference:cve,CAN-2000-0590; reference:bugtraq,1431; classtype:attempted-recon; sid:1106; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ftp.pl access"; flags: A+; uricontent:"/ftp.pl"; nocase;reference:bugtraq,1471; classtype:attempted-recon; sid:1107; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat server snoop access"; flags: A+; uricontent:"/jsp/snp/anything.snp"; nocase; reference:cve,CAN-2000-0760; reference:bugtraq,1532; classtype:attempted-recon; sid:1108; rev:2;)
# |2F 25 30 30 2F| is the byte string "/%00/".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ROXEN directory list attempt"; flags: A+; content:"|2F 25 30 30 2F|"; nocase;reference:bugtraq,1510; reference:cve,CVE-2000-0671; classtype:attempted-recon; sid:1109; rev:1;)
# NOTE(review): this reference has a space after "cve,", unlike every other
# cve reference in the file. Confirm the parser trims it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC apache source.asp file access"; flags: A+; uricontent:"/site/eg/source.asp"; nocase;reference:bugtraq,1457; reference:cve, CVE-2000-0628; classtype:attempted-recon; sid:1110; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC tomcat server exploit access"; flags: A+; uricontent:"/contextAdmin/contextAdmin.html"; nocase; classtype:attempted-recon; sid:1111; rev:1;)
# "..\\" is an escaped backslash: the rule matches the three bytes ..\
# anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC http directory traversal"; flags: A+; content: "..\\";reference:arachnids,298; classtype:attempted-recon; sid:1112; rev:1;)
# NOTE(review): the pattern includes the request method ("get "), but it is
# a uricontent match. Confirm the URI buffer can ever contain the method;
# if not, this rule cannot fire.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC prefix-get //";flags: A+; uricontent:"get //"; nocase; classtype:attempted-recon; sid:1114; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ICQ webserver DOS";flags: A+; uricontent:".html/......"; nocase; reference:cve,CVE-1999-0474; classtype:attempted-dos; sid:1115; rev:2;)
# msg says "attempt" but classtype is attempted-recon for both Lotus rules.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Lotus DelDoc attempt";flags: A+; content:"?DeleteDocument"; nocase; classtype:attempted-recon; sid:1116; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Lotus EditDoc attempt";flags: A+; content:"?EditDocument"; nocase; classtype:attempted-recon; sid:1117; rev:1;)
# Matches only the %20-encoded form of "ls -l".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ls%20-l";flags: A+; content:"ls%20-l"; nocase; classtype:attempted-recon; sid:1118; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC mlog.phtml access";flags: A+; uricontent:"/mlog.phtml"; nocase; reference:bugtraq,713; reference:cve,CVE-1999-0346; classtype:attempted-recon; sid:1119; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC mylog.phtml access";flags: A+; uricontent:"/mylog.phtml"; nocase; reference:bugtraq,713; reference:cve,CVE-1999-0346; classtype:attempted-recon; sid:1120; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC O'Reilly args.bat access";flags: A+; uricontent:"/cgi-dos/args.bat"; nocase; classtype:attempted-recon; sid:1121; rev:1;)
# content, not uricontent: "/etc/passwd" anywhere in the payload alerts,
# including request bodies and headers. No reference is attached.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /etc/passwd";flags: A+; content:"/etc/passwd"; nocase; classtype:attempted-recon; sid:1122; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PageService access";flags: A+; content:"?PageServices"; nocase; reference:bugtraq,1063; reference:cve,CVE-1999-0269; classtype:attempted-recon; sid:1123; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce check.txt access";flags: A+; uricontent:"/config/check.txt"; nocase; classtype:attempted-recon; sid:1124; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webcart access";flags: A+; uricontent:"/webcart/"; nocase; classtype:attempted-recon; sid:1125; rev:1;)
# msg reads "AuthChangeUr"; the pattern itself is "_AuthChangeUrl?".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC AuthChangeUr access";flags: A+; content:"_AuthChangeUrl?"; nocase; classtype:attempted-recon; sid:1126; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC convert.bas access";flags: A+; uricontent:"/scripts/convert.bas"; nocase; reference:bugtraq,2025; reference:cve,CVE-1999-0175; classtype:attempted-recon; sid:1127; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cpshost.dll access";flags: A+; uricontent:"/scripts/cpshost.dll"; nocase; classtype:attempted-recon; sid:1128; rev:1;)
# .htaccess is attempted-recon here, while .htpasswd (sid 1071) is
# web-application-attack; the two will sort differently by classtype.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .htaccess access";flags: A+; content:".htaccess"; nocase; classtype:attempted-recon; sid:1129; rev:1;)
# sid 1130 and sid 1131 share one msg but match different file names
# (.wwwacl and .www_acl).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .wwwacl access";flags: A+; uricontent:".wwwacl"; nocase; classtype:attempted-recon; sid:1130; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .wwwacl access";flags: A+; uricontent:".www_acl"; nocase; classtype:attempted-recon; sid:1131; rev:1;)
# The only rule in this file aimed at TCP port 457. It matches a fixed
# 16-byte binary sequence.
# NOTE(review): msg says "overflow" but classtype is attempted-recon.
# Confirm the alert priority this produces is the one wanted.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 457 (msg:"WEB-MISC netscape unixware overflow"; content: "|eb 5f 9a ff ff ff ff 07 ff c3 5e 31 c0 89 46 9d|"; flags: A+; reference:arachnids,180; classtype:attempted-recon; sid:1132; rev:1;)
# Labelled SCAN rather than WEB-MISC, and scoped to $HOME_NET instead of
# $HTTP_SERVERS. It requires the exact flag combination SFP (no "+"), an
# acknowledgement number of 0, and sixteen "A" bytes in the first 16 payload
# bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SCAN cybercop os probe"; content: "AAAAAAAAAAAAAAAA"; flags: SFP; ack: 0; depth: 16;reference:arachnids,145; classtype:attempted-recon; sid:1133; rev:1;)
# More access/recon rules. Several use very short or common patterns;
# the notes below mark the ones most likely to need site-specific tuning.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum admin access"; flags: A+; uricontent:"/admin.php3"; nocase; reference:bugtraq,2271; reference:arachnids,205; classtype:attempted-recon; sid:1134; rev:2;)
# Four-byte payload pattern with nocase and no URI anchoring.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cd..";flags: A+; content:"cd.."; nocase; classtype:attempted-recon; sid:1136; rev:1;)
# Keyed to one literal user name value; requests using any other value for
# PHP_AUTH_USER do not match this rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum auth access"; flags: A+; content:"PHP_AUTH_USER=boogieman"; nocase;  reference:bugtraq,2274; reference:arachnids,206; classtype:attempted-recon; sid:1137; rev:2;)
# |20 2F 25 25| is the byte string " /%%", searched in the first 16 bytes.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Cisco Web DOS attempt"; flags: A+; content: "|20 2F 25 25|"; depth: 16; reference:arachnids,275; classtype:attempted-dos; sid:1138; rev:1;)
# "/guestbook" and "/handler" are unanchored URI substrings, so any path
# containing them alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC guestbook access";flags: A+; uricontent:"/guestbook"; nocase; reference:bugtraq,776; reference:cve,CVE-1999-0237; reference:arachnids,228; classtype:attempted-recon; sid:1140; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC handler access"; flags: A+; uricontent:"/handler"; nocase; reference:bugtraq,380; reference:arachnids,235; reference:cve,CVE-1999-0148; classtype:attempted-recon; sid:1141; rev:2;)
# |2f2e2e2e2e| is the byte string "/....".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /....";flags: A+; content:"|2f2e2e2e2e|"; classtype:attempted-recon; sid:1142; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ///cgi-bin";flags: A+; uricontent:"///cgi-bin"; nocase; classtype:attempted-recon; sid:1143; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /cgi-bin/// access";flags: A+; uricontent:"/cgi-bin///"; nocase; classtype:attempted-recon; sid:1144; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /~root";flags: A+; uricontent:"/~root/"; nocase; classtype:attempted-recon; sid:1145; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce import.txt access";flags: A+; uricontent:"/config/import.txt"; nocase; classtype:attempted-recon; sid:1146; rev:1;)
# "cat%20" with nocase matches inside any longer word ending in "cat"
# followed by an encoded space, anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cat%20 access";flags: A+; content:"cat%20"; nocase; reference:cve,CVE-1999-0039; reference:bugtraq,374; classtype:attempted-recon; sid:1147; rev:2;)
# Same msg as sid 1146, different directory (/orders/ instead of /config/).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce import.txt access";flags: A+; uricontent:"/orders/import.txt"; nocase; classtype:attempted-recon; sid:1148; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC count.cgi access";flags: A+; uricontent:"/count.cgi"; nocase; reference:bugtraq,550; reference:cve,CVE-1999-0021; classtype:attempted-recon; sid:1149; rev:2;)
# Domino database access rules. msg for sid 1150 reads "catalog.ns"; the
# pattern is "/catalog.nsf". "/log.nsf" (sid 1153) needs the leading slash,
# so it does not also match "/domlog.nsf".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino catalog.ns access";flags: A+; uricontent:"/catalog.nsf"; nocase; classtype:attempted-recon; sid:1150; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino domcfg.nsf access";flags: A+; uricontent:"/domcfg.nsf"; nocase; classtype:attempted-recon; sid:1151; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino domlog.nsf access";flags: A+; uricontent:"/domlog.nsf"; nocase; classtype:attempted-recon; sid:1152; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino log.nsf access";flags: A+; uricontent:"/log.nsf"; nocase; classtype:attempted-recon; sid:1153; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Domino names.nsf access";flags: A+; uricontent:"/names.nsf"; nocase; classtype:attempted-recon; sid:1154; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Ecommerce checks.txt access";flags: A+; uricontent:"/orders/checks.txt"; nocase; classtype:attempted-recon; sid:1155; rev:1;)
# |2f2f2f2f2f2f2f2f| is eight consecutive "/" bytes anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC apache DOS attempt";flags: A+; content:"|2f2f2f2f2f2f2f2f|"; classtype:attempted-dos; sid:1156; rev:1;)
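# Access rules for named CGI programs, configuration files and order logs.
# All are classed attempted-recon: they report a request that names the
# resource, not proof that anything was disclosed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape PublishingXpert 2 Exploit"; flags: A+; uricontent:"/PSUser/PSCOErrPage.htm?"; nocase; reference:cve,CAN-2000-1196; classtype:attempted-recon; sid:1157; rev:1;)
# Requires the program path in the URI plus "-n" and "mail" in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC windmail access"; flags:A+; uricontent:"/windmail.exe"; nocase; content:"-n"; content:"mail"; nocase; reference:cve,CAN-2000-0242; reference:bugtraq,1073; reference:arachnids,465; classtype:attempted-recon; sid:1158; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webplus access"; content:"webplus?script"; nocase; flags:A+; classtype:attempted-recon; sid:1159; rev:1;)
# "?wp-" is the common prefix of the ?wp-* patterns used by the "netscape
# enterprise server directory view" rules elsewhere in this file, so this
# rule fires alongside each of them.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape dir index wp"; flags: A+; content: "?wp-"; nocase; reference:bugtraq,1063; reference:cve,CVE-2000-0236; reference:arachnids,270; classtype:attempted-recon; sid:1160; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC piranha passwd.php3 access"; flags: A+; uricontent: "/passwd.php3"; reference:bugtraq,1149; reference:cve,CVE-2000-0322; reference:arachnids,272; classtype:attempted-recon; sid:1161; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cart 32 AdminPwd access"; flags: A+; uricontent:"/c32web.exe/ChangeAdminPassword"; nocase;reference:bugtraq,1153; classtype:attempted-recon; sid:1162; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC webdist.cgi access"; uricontent:"/webdist.cgi"; nocase; flags: A+; reference:bugtraq,374; reference:cve,CVE-1999-0039; classtype:attempted-recon; sid:1163; rev:2;)
# msg repeats the word "access"; left as shipped because alert consumers
# may key on the exact text.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC shopping cart access access"; uricontent:"/quikstore.cfg"; nocase; flags: A+; classtype:attempted-recon; sid:1164; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC novell groupwise gwweb.exe access"; flags: A+; content:"/GWWEB.EXE?HELP="; nocase; reference:bugtraq,879; reference:cve,CAN-1999-1006; classtype:attempted-recon; sid:1165; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ws_ftp.ini access"; uricontent:"/ws_ftp.ini"; nocase; flags: A+; classtype:attempted-recon; sid:1166; rev:1;)
# Local correction: the shipped pattern was "/rmp_query", which does not
# agree with the rule's own msg ("rpm_query access"). A transposed pattern
# would leave requests for /rpm_query undetected.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC rpm_query access"; flags: A+; uricontent:"/rpm_query"; nocase; reference:cve,CVE-2000-0192; reference:bugtraq,1036; classtype:attempted-recon; sid:1167; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC mall log order access"; uricontent:"/mall_log_files/order.log"; nocase; flags: A+; classtype:attempted-recon; sid:1168; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC bigconf.cgi access"; uricontent:"/bigconf.cgi"; nocase; flags: A+; classtype:attempted-recon; sid:1172; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC architext_query.pl access"; uricontent:"/ews/architext_query.pl"; nocase; flags: A+; classtype:attempted-recon; sid:1173; rev:1;)
# "/cgi-bin/jj" is an unanchored prefix: any CGI whose name starts with "jj"
# under /cgi-bin/ matches.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC /cgi-bin/jj attempt"; uricontent:"/cgi-bin/jj"; nocase; flags: A+; reference:bugtraq,2002; reference:cve,CVE-1999-0260; classtype:attempted-recon; sid:1174; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC wwwboard.pl access"; uricontent:"/wwwboard.pl"; nocase; flags: A+; reference:bugtraq,1795; reference:cve,CVE-1999-0953; classtype:attempted-recon; sid:1175; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC order.log access"; uricontent:"/admin_files/order.log"; nocase; flags: A+; classtype:attempted-recon; sid:1176; rev:1;)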
# Nine rules in this run share the msg "WEB-MISC netscape enterprise server
# directory view" and differ only in the ?wp-* command they match
# (sids 1177, 1183, 1184, 1186, 1188-1191, 1198). Use the sid to tell which
# command was requested. sid 1198 alone is classed web-application-attack;
# the rest are attempted-recon.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-verify-link";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1177; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum read access"; flags: A+; uricontent:"/read.php3"; nocase;  reference:arachnids,208; classtype:attempted-recon; sid:1178; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum violation access"; flags: A+; uricontent:"/violation.php3"; nocase; reference:bugtraq,2272; reference:arachnids,209; classtype:attempted-recon; sid:1179; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC get32.exe access"; flags: A+; uricontent:"/get32.exe"; nocase; reference:bugtraq,1485; reference:arachnids,258; classtype:attempted-recon; sid:1180; rev:3;)
# dsize:>1446 adds a payload-size condition: only packets carrying more than
# 1446 payload bytes and the /ping?query URI alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Annex Terminal DOS attempt"; flags: A+;dsize:>1446; uricontent:"/ping?query"; reference:arachnids,260; classtype:attempted-dos; sid:1181; rev:2;)
# NOTE(review): the uricontent pattern contains a CRLF (|0d0a|) followed by
# "user", and is followed by offset: 4. Confirm that the URI buffer can hold
# bytes past the end of the request line and that offset applies to
# uricontent in this Snort version; otherwise the rule may never match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cgitest.exe attempt"; uricontent: "/cgitest.exe|0d0a|user"; nocase; flags: A+; offset: 4; reference:arachnids,265; classtype:attempted-recon; sid:1182; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-cs-dump";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1183; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-ver-info";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1184; rev:1;)
# "mail" with nocase is a short payload pattern; combined with the script
# path it still matches any request to the script that mentions "mail".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC bizdbsearch access"; flags: A+; uricontent:"/bizdb1-search.cgi"; content:"mail"; nocase; reference:cve,CAN-2000-0287;  reference:bugtraq,1104; classtype:attempted-recon; sid:1185; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-ver-diff";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1186; rev:1;)
# msg spells "acess"; the sid is the stable key for this alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SalesLogix Eviewer web shutdown acess"; flags: A+; content:"/slxweb.dll/admin?command="; nocase; reference:bugtraq,1089; reference:cve,CAN-2000-0289; classtype:attempted-recon; sid:1187; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-start-ver";nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1188; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-stop-ver"; nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1189; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-uncheckout"; nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1190; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-html-rend"; nocase;reference:bugtraq,1063; classtype:attempted-recon; sid:1191; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Trend Micro OfficeScan access"; flags: A+; uricontent:"/officescan/cgi/jdkRqNotify.exe?"; nocase; reference:bugtraq,1057; classtype:attempted-recon; sid:1192; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC oracle web listener batch access"; flags: A+; uricontent:"/ows-bin/&"; nocase; reference:cve,CVE-2000-0169; reference:bugtraq,1053; classtype:attempted-recon; sid:1193; rev:1;)
# sid 1194 (script with cat= and "%00") is the specific case and is classed
# attempted-user; sid 1195 matches any request to /sojourn.cgi, so the two
# can fire together on one request. Note that nocase on sid 1194 follows the
# "%00" content, not the uricontent, which is therefore case-sensitive.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Sojourn File attempt"; flags: A+; uricontent:"/sojourn.cgi?cat="; content:"%00"; nocase;reference:bugtraq,1052; reference:cve,CAN-2000-0180; classtype:attempted-user; sid:1194; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Sojourn access"; flags: A+; uricontent:"/sojourn.cgi"; nocase; reference:bugtraq,1052; reference:cve,CAN-2000-0180; classtype:attempted-recon; sid:1195; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SGI InfoSearch fname access"; flags: A+; uricontent:"/infosrch.cgi?"; content:"fname="; nocase;reference:bugtraq,1031; reference:arachnids,290; reference:cve,CVE-2000-0207; classtype:attempted-recon; sid:1196; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Phorum code access"; flags: A+; uricontent:"/code.php3"; nocase;  reference:arachnids,207; classtype:attempted-recon; sid:1197; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC netscape enterprise server directory view"; flags: A+; content:"?wp-usr-prop";nocase;reference:bugtraq,1063; classtype:web-application-attack; sid:1198; rev:2;)
# Scoped to $HOME_NET port 2301 rather than $HTTP_SERVERS port 80. There is
# no flags option, and the only condition is "../" anywhere in the payload,
# so any traffic to that port containing a relative path alerts.
alert tcp $EXTERNAL_NET any -> $HOME_NET 2301 (msg:"WEB-MISC Compaq Insight directory traversal"; content: "../"; reference:bugtraq,282; reference:arachnids,244; reference:cve,CVE-1999-0771; classtype:web-application-attack; sid:1199; rev:3;)
# Response-side rules: the direction is reversed ($HTTP_SERVERS port 80 to
# $EXTERNAL_NET), so these inspect what the server answered rather than what
# was requested.
# Tuning notes:
#  - Neither pattern is anchored to the start of the payload (no offset or
#    depth), so the text anywhere in a response packet alerts.
#  - sid 1201 matches only the literal "HTTP/1.1 403"; a 403 status sent with
#    another protocol version string does not match.
#  - Any visitor who receives a forbidden or invalid-URL response raises
#    these, so expect volume on busy sites. They are most useful correlated
#    with a request-side alert from the same client.
alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any (msg:"WEB-MISC Invalid URL"; content:"Invalid URL"; nocase; flags:A+; classtype:attempted-recon; sid:1200; rev:1;)
alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any (msg:"WEB-MISC 403 Forbidden";flags: A+; content:"HTTP/1.1 403"; classtype:attempted-recon; sid:1201; rev:1;)
# "access" rules: each fires when an inbound request to $HTTP_SERVERS port 80
# carries the given string in its URI (uricontent) on a segment with ACK set
# (flags:A+ = ACK plus any other flags). All are classed attempted-recon. An
# alert means the path was requested, not that the target exists or that
# anything was exploited, so confirm against server logs before escalating.
#
# The first group has no nocase modifier, so a request that changes the case
# of the path does not match these rules.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC search.vts access"; flags:A+; uricontent:"/search.vts"; classtype:attempted-recon; sid:1202; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ax-admin.cgi access"; flags:A+; uricontent:"/ax-admin.cgi"; classtype:attempted-recon; sid:1204; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC axs.cgi access"; flags:A+; uricontent:"/axs.cgi"; classtype:attempted-recon; sid:1205; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cachemgr.cgi access"; flags:A+; uricontent:"/cachemgr.cgi"; classtype:attempted-recon; sid:1206; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC htgrep access"; flags:A+; uricontent:"/htgrep"; classtype:attempted-recon; sid:1207; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC responder.cgi access"; flags:A+; uricontent:"/responder.cgi"; classtype:attempted-recon; sid:1208; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC .nsconfig access"; flags:A+; uricontent:"/.nsconfig"; classtype:attempted-recon; sid:1209; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC web-map.cgi access"; flags:A+; uricontent:"/web-map.cgi"; classtype:attempted-recon; sid:1211; rev:1;)
# From here on the patterns are case-insensitive (nocase). Several are short
# substrings of ordinary site paths ("/backup", "/intranet/", "/adminlogin"):
# "/backup" also matches "/backups/" or "/backup.html". If the protected site
# legitimately serves such paths, tune or suppress per sid rather than
# ignoring the whole group.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Admin_files access"; flags:A+; uricontent:"/admin_files"; nocase; classtype:attempted-recon; sid:1212; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC backup access"; flags:A+; uricontent:"/backup"; nocase; classtype:attempted-recon; sid:1213; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC intranet access"; flags:A+; uricontent:"/intranet/"; nocase; classtype:attempted-recon; sid:1214; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ministats admin access"; flags:A+; uricontent:"/ministats/admin.cgi"; nocase; classtype:attempted-recon; sid:1215; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC filemail access"; flags:A+; uricontent:"/filemail"; nocase; classtype:attempted-recon; sid:1216; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC plusmail access"; flags:A+; uricontent:"/plusmail"; nocase; classtype:attempted-recon; sid:1217; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC adminlogin access"; flags:A+; uricontent:"/adminlogin"; nocase; classtype:attempted-recon; sid:1218; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC dfire.cgi access"; flags:A+; uricontent:"/dfire.cgi"; nocase; classtype:attempted-recon; sid:1219; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ultraboard access"; flags:A+; uricontent:"/ultraboard"; nocase; classtype:attempted-recon; sid:1220; rev:1;)
# NOTE(review): the msg names "musicat" but the pattern is "/empower";
# presumably that is the path of the product's CGI - confirm, since an analyst
# reading only the msg will not know which URI triggered the alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC musicat access"; flags:A+; uricontent:"/empower"; nocase; classtype:attempted-recon; sid:1221; rev:1;)
# Two-pattern rules: both a URI match and a parameter name in the payload are
# required, which narrows them compared with a bare "access" rule. nocase
# modifies only the pattern directly before it.
# WebPALS (CAN-2001-0217, bugtraq 2372): "/pals-cgi" is case-insensitive,
# "documentName=" is case-sensitive.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC WebPALS attempt"; flags:A+; uricontent:"/pals-cgi"; nocase; content:"documentName="; classtype:attempted-recon; reference:cve,CAN-2001-0217; reference:bugtraq,2372; sid:1222; rev:1;)
# ROADS (CAN-2001-0215, bugtraq 2371): the script path is case-sensitive,
# "form=" is case-insensitive. The rule checks only that the parameter is
# present, not its value, so ordinary searches through this script alert too.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ROADS attempt"; flags:A+; uricontent:"/ROADS/cgi-bin/search.pl"; content:"form="; nocase; reference:cve,CAN-2001-0215; reference:bugtraq,2371; classtype:attempted-recon; sid:1224; rev:1;)
# VirusWall rules: case-insensitive URI matches on the product's DLL names and
# on "/catinfo".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall FtpSave access"; flags:A+; uricontent:"/FtpSave.dll"; nocase; classtype:attempted-recon; sid:1230; rev:1;)
# sid 1231 and sid 1232 share the same msg. They differ in destination port
# (80 vs 1812) and bugtraq reference (2808 vs 2579), so use the sid to tell
# them apart when triaging.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall access"; flags:A+; uricontent:"/catinfo"; nocase; reference:bugtraq,2808; classtype:attempted-recon; sid:1231; rev:1;)
# NOTE(review): uricontent depends on the HTTP decoder having processed the
# packet; confirm the preprocessor is configured for port 1812, otherwise this
# rule may never match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 1812 (msg:"WEB-MISC VirusWall access"; flags:A+; uricontent:"/catinfo"; nocase; reference:bugtraq,2579; classtype:attempted-recon; sid:1232; rev:1;)
# Outbound rule: an internal client ($HOME_NET) requesting a URI from an
# external web server on port 80.
# NOTE(review): the msg says "EML" but the pattern is ".ewl"; this looks like a
# typo for ".eml" - confirm against the upstream rule set. As written, requests
# for .eml files are not detected by this rule. The match is case-sensitive.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"WEB-MISC Outlook EML access"; uricontent:".ewl"; flags:A+; classtype:attempted-admin; sid:1233; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall FtpSaveCSP access"; flags:A+; uricontent:"/FtpSaveCSP.dll"; nocase; classtype:attempted-recon; sid:1234; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC VirusWall FtpSaveCVP access"; flags:A+; uricontent:"/FtpSaveCVP.dll"; nocase; classtype:attempted-recon; sid:1235; rev:1;)
# Tomcat source view: three spellings of ".jsp" with one letter double-encoded
# (%25 is "%", so %2570 -> %70 -> "p", %2573 -> %73 -> "s", %256A -> %6A -> "j").
# All three share one msg; distinguish them by sid. Only these three positions
# are covered, and only with one letter encoded at a time.
# NOTE(review): whether these fire depends on how far the HTTP decoder
# normalises the URI before uricontent is evaluated. If "%25" is already
# decoded to "%", the literal patterns no longer appear in the URI buffer.
# Test with the deployed preprocessor configuration.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Tomcat sourcode view"; flags:A+; uricontent:".js%2570"; nocase; classtype:attempted-recon; sid:1236; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Tomcat sourcode view"; flags:A+; uricontent:".j%2573p"; nocase; classtype:attempted-recon; sid:1237; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC Tomcat sourcode view"; flags:A+; uricontent:".%256Asp"; nocase; classtype:attempted-recon; sid:1238; rev:1;)
# SWEditServlet pair: a specific rule (servlet URI plus a "template=" value
# starting with three "../" segments, classed attempted-user) followed by a
# generic access rule on the same URI (attempted-recon). Both patterns are
# case-sensitive. The traversal pattern requires the literal unencoded
# "template=../../../" in the payload, so an encoded or differently ordered
# variant is caught only by the generic rule.
# NOTE(review): the specific rule is presumably listed first so that it is the
# one reported when both match - confirm how the deployed Snort version orders
# rule evaluation.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SWEditServlet directory traversal attempt"; uricontent:"/SWEditServlet"; content:"template=../../../"; flags:A+; classtype:attempted-user; sid:1241; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC SWEditServlet access"; uricontent:"/SWEditServlet"; flags:A+; classtype:attempted-recon; sid:1259; rev:1;)
# Scanner-fingerprint rules (whisker). They key on request shape rather than
# on a vulnerable path, so a hit says "scanner-like traffic", not "exploit".
# The two "head" rules share one msg, as do the two "splice" rules; use the
# sid to tell which condition matched.
#
# sid 1171: payload starts with "HEAD" (case-insensitive, first 4 bytes) and
# the packet payload is larger than 512 bytes, i.e. an unusually long HEAD
# request.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker head"; content:"HEAD"; offset: 0; depth: 4; nocase; dsize:>512; flags:A+; classtype:attempted-recon; sid:1171; rev:1;)
# sid 1139: literal "HEAD/./" anywhere in the payload (case-sensitive).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker head";flags: A+; content:"HEAD/./"; classtype:attempted-recon; sid:1139; rev:1;)
# Splice rules: the request is delivered in very small TCP segments.
# sid 1104 fires on a one-byte payload that is a space (0x20); sid 1087 fires
# on a payload under 5 bytes that contains a tab (0x09). Both inspect single
# packets, so interactive or heavily fragmented legitimate traffic to port 80
# can also match; correlate several alerts from one source before concluding.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker splice attack"; content: "|20|"; flags: A+; dsize: 1;reference:arachnids,296; classtype:attempted-recon; sid:1104; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC whisker splice attack"; dsize: <5; flags: A+; content: "|09|";reference:arachnids,415; classtype:attempted-recon; sid:1087; rev:1;)
# PHPLIB pair (bugtraq 3079), both classed attempted-user and sharing one msg.
# sid 1254: inbound request whose URI contains the literal "PHPLIB[libdir]"
# (case-sensitive, unencoded brackets).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC PHPLIB remote command attempt"; flags:A+; uricontent:"PHPLIB[libdir]"; reference:bugtraq,3079; classtype:attempted-user; sid:1254; rev:1;)
# sid 1255: direction is reversed - the web server itself is the client,
# connecting out to an external host on port 80 and requesting a URI that
# contains "/db_mysql.inc".
# NOTE(review): this looks intended to catch the server fetching an include
# file from an external host as a follow-on to sid 1254 - confirm against the
# reference. A hit here is the stronger signal of the two, because it shows
# the server making the outbound request. Also confirm the HTTP decoder
# processes traffic in this direction, or uricontent may not match.
alert tcp $HTTP_SERVERS any -> $EXTERNAL_NET 80 (msg:"WEB-MISC PHPLIB remote command attempt"; flags:A+; uricontent:"/db_mysql.inc"; reference:bugtraq,3079; classtype:attempted-user; sid:1255; rev:1;)
# Size-qualified rules: a pattern match combined with a dsize threshold.
# dsize tests the size of the packet payload as a whole, not the length of
# the matched field.
#
# HP OpenView (bugtraq 2845): case-insensitive match on the full query string
# with empty Host= and Oid= in that exact parameter order, and a payload
# larger than 202 bytes. A request with reordered parameters does not match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC HP Openview Manager DOS"; flags:A+; uricontent:"/OvCgi/OpenView5.exe?Context=Snmp&Action=Snmp&Host=&Oid="; nocase; dsize:>202; reference:bugtraq,2845; sid:1258;  classtype:misc-activity; rev:2;)
# Long Basic authorization (bugtraq 3230): fires when a packet over 1000
# bytes contains an "Authorization: Basic " header (the colon is escaped in
# the rule). Because the threshold applies to the whole payload, a large
# request with a normal-length credential, such as a big POST or long cookie,
# also alerts. Check the actual header length in the capture before treating
# a hit as an overflow attempt.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC long basic authorization string"; flags:A+; content:"Authorization\: Basic "; nocase; dsize:>1000; classtype:attempted-dos; reference:bugtraq,3230; sid:1260; rev:2;)
# Client-side rules tied to CERT advisory CA-2001-26: both inspect responses
# from external web servers (source port 80) to internal hosts, i.e. they
# watch what internal browsers are being served.
# sid 1290: page content containing the script call that opens readme.eml
# (case-insensitive). A hit means an internal client received such a page.
# Follow up on the client host as well as the serving site.
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml autoload attempt"; flags:A+; content:"window.open(\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;)
# NOTE(review): this rule uses uricontent on server-to-client traffic. A
# response does not carry a request URI, so verify that the deployed HTTP
# decoder gives uricontent something to match in this direction; otherwise
# the rule may be ineffective and the outbound request for "readme.eml"
# would need to be matched instead.
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase; classtype:attempted-user; sid:1284; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;)
# sml3com (bugtraq 2721): destination is $HOME_NET port 80 rather than
# $HTTP_SERVERS, so it covers any internal host answering on port 80, not
# just the declared web servers. Case-sensitive URI match; classed
# attempted-dos.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC sml3com access"; flags:A+; uricontent:"/graphics/sml3com"; classtype:attempted-dos; reference:bugtraq,2721; sid:1291; rev:1;)
# carbo.dll (CAN-1999-1069, bugtraq 2126): case-sensitive URI match plus a
# case-insensitive "icatcommand=" parameter name. The parameter value is not
# inspected.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC carbo.dll access"; flags:A+; uricontent:"/carbo.dll"; content:"icatcommand="; nocase; reference:cve,CAN-1999-1069; reference:bugtraq,2126; classtype:attempted-recon; sid:1001; rev:2;)
# The remaining rules come as specific/generic pairs on the same URI: an
# "attempt" rule that also requires a parameter or traversal string (classed
# attempted-admin), then an "access" rule on the URI alone (attempted-recon).
# NOTE(review): the specific rule is listed first in each pair, presumably so
# it is the one reported when both match - confirm how the deployed Snort
# version orders rule evaluation.
#
# admin.php (bugtraq 3361): "/admin.php" is a common name, so the access rule
# (sid 1301) will fire on any application that has such a page. The upload
# rule (sid 1300) additionally needs the case-sensitive "file_name=".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC admin.php file upload attempt"; flags:A+; uricontent:"/admin.php"; nocase; content:"file_name="; reference:bugtraq,3361; classtype:attempted-admin; sid:1300; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC admin.php access"; flags:A+; uricontent:"/admin.php"; nocase; reference:bugtraq,3361; classtype:attempted-recon; sid:1301; rev:1;)
# console.exe / cs.exe (both bugtraq 3375): access-only rules, no paired
# attempt rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC console.exe access"; flags:A+; uricontent:"/cgi-bin/console.exe"; nocase; reference:bugtraq,3375; classtype:attempted-recon; sid:1302; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC cs.exe access"; flags:A+; uricontent:"/cgi-bin/cs.exe"; nocase; reference:bugtraq,3375; classtype:attempted-recon; sid:1303; rev:1;)
# txt2html: the attempt rule needs the literal "/../../../../" (four levels,
# unencoded) somewhere in the payload. Shallower or encoded traversal is seen
# only by the access rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC txt2html attempt"; flags:A+; uricontent:"/txt2html.cgi"; nocase; content:"/../../../../"; classtype:attempted-admin; sid:1305; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC txt2html access"; flags:A+; uricontent:"/txt2html.cgi"; nocase; classtype:attempted-recon; sid:1304; rev:2;)
# store.cgi: the attempt rule needs both "product=" and "../.." in the payload
# (each case-sensitive). The two strings are matched independently, so the
# traversal need not be inside the product parameter for the rule to fire.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC store.cgi attempt"; flags:A+; uricontent:"/store.cgi"; nocase; content:"product="; content:"../.."; classtype:attempted-admin; sid:1306; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC store.cgi access"; flags:A+; uricontent:"/store.cgi"; nocase; classtype:attempted-recon; sid:1307; rev:1;)
# Generic traversal catch-all (arachnids 297): "../" anywhere in the payload
# of a packet to $HTTP_SERVERS port 80. It is a content match, not uricontent,
# so headers and request bodies count as well as the URI. Expect this to be
# one of the noisier rules in the file and to overlap with the
# product-specific traversal rules. It sees only the literal, unencoded form.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC http directory traversal"; flags: A+; content: "../"; reference:arachnids,297; classtype:attempted-recon; sid:1113; rev:1;)
# sadmind worm (CERT CA-2001-11): exact request line "GET x HTTP/1.0" anchored
# at the start of the payload (offset 0, depth 15). There is no flags test on
# this rule.
# NOTE(review): the url reference value is wrapped in double quotes here;
# confirm the rule parser accepts the quoted form.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC sadmind worm access"; content:"GET x HTTP/1.0"; offset:0; depth:15; classtype:attempted-recon; reference:url,"www.cert.org/advisories/CA-2001-11.html"; sid:1375; rev:1;)
# JRun directory browse: URI containing "/%3f.jsp" (%3f is an encoded "?").
# Case-sensitive, so "%3F" in upper case is not matched by this pattern.
# NOTE(review): if the HTTP decoder converts %3f to "?" before uricontent is
# evaluated, the literal pattern will not be present in the URI buffer -
# test against the deployed preprocessor configuration.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC jrun directory browse attempt"; flags:A+; uricontent:"/%3f.jsp"; classtype:web-application-attack; sid:1376; rev:1;)