Thursday, April 16, 2015

Ruleset-Updates: Possible IIS Integer Overflow DoS > (CVE-2015-1635) and some scanner-sigs

[+] new sigs:
  42000428 :: app_server.rules     ::  Possible IIS Integer Overflow DoS > (CVE-2015-1635)
  42000421 :: scanner.rules        :: Joomla Googlemap-Reflection - Scan
  42000422 :: web_server.rules     :: PHP 5.x User-Agent detected in Request, possible flood
  42000423 :: web_server.rules     :: PHP 4.x User-Agent detected in Request, possible flood
  42000424 :: web_server.rules     :: Acunetix PHPSensor-File-Scan
  42000425 :: scanner.rules        :: SQLiteManager - Exploit
  42000426 :: scanner.rules        :: SQLiteManager - Exploit
  42000427 :: scanner.rules        :: JMXConsole-Access

most interesting sig: 42000428 Possible IIS Integer Overflow DoS > (CVE-2015-1635)

MainRule  "str:18446744073709551615" "msg:Possible IIS Integer Overflow DoS > (CVE-2015-1635) " "mz:$HEADERS_VAR:Range" "s:$ATTACK:8" id:42000428  ;
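How the rule above scopes its match, as an added example that is not part of the original post or the ruleset: a simplified Python model that parses the MainRule line and scores constructed request headers. The pattern is 2^64-1, the largest unsigned 64-bit value. The case-insensitive matching and the blocking threshold of `$ATTACK >= 8` are assumptions of this sketch, as are the helper names `parse_rule`, `score` and `blocked`.

```python
import shlex

# The rule exactly as published on this page.
RULE = ('MainRule  "str:18446744073709551615" '
        '"msg:Possible IIS Integer Overflow DoS > (CVE-2015-1635) " '
        '"mz:$HEADERS_VAR:Range" "s:$ATTACK:8" id:42000428  ;')

def parse_rule(line):
    """Split a MainRule line into its str/msg/mz/s/id fields."""
    tokens = shlex.split(line.rstrip().rstrip(";"))
    if tokens[0] != "MainRule":
        raise ValueError("not a MainRule line")
    raw = {}
    for tok in tokens[1:]:
        key, _, value = tok.partition(":")
        raw[key] = value.strip()
    zone, _, var = raw["mz"].partition(":")      # match zone and header name
    tag, _, points = raw["s"].partition(":")     # score tag and increment
    return {"id": int(raw["id"]), "msg": raw["msg"],
            "pattern": raw["str"].lower(), "zone": zone,
            "var": var.lower(), "tag": tag, "points": int(points)}

def score(rule, headers):
    """Return {tag: points} if the rule matches the headers, else {}."""
    if rule["zone"] != "$HEADERS_VAR":
        raise NotImplementedError("only $HEADERS_VAR is modelled here")
    for name, value in headers.items():
        # Assumption: header name and substring are compared case-insensitively.
        if name.lower() == rule["var"] and rule["pattern"] in value.lower():
            return {rule["tag"]: rule["points"]}
    return {}

def blocked(scores, threshold=8):
    # Assumption: a blocking threshold of "$ATTACK >= 8" (not from the page).
    return scores.get("$ATTACK", 0) >= threshold

# Constructed sample requests (headers only).
SAMPLES = {
    "normal_range": {"Host": "www.example.com", "Range": "bytes=0-1023"},
    "max_uint64_end": {"Host": "www.example.com",
                       "range": "bytes=0-18446744073709551615"},
    "string_elsewhere": {"Host": "www.example.com",
                         "X-Note": "18446744073709551615"},
}

if __name__ == "__main__":
    rule = parse_rule(RULE)
    for label, headers in SAMPLES.items():
        result = score(rule, headers)
        print(label, result, "BLOCK" if blocked(result) else "pass")
```

Only the request carrying the value inside its Range header is scored; the same string in another header is ignored because of the `mz` restriction.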

References:
- https://technet.microsoft.com/library/security/ms15-034
- http://pastebin.com/ypURDPc4
- http://pastebin.com/BV2uePxk
- https://lists.emergingthreats.net/pipermail/emerging-sigs/2015-April/025976.html

Credit goes to the Emerging Threats mailing list.