ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning

SID: 10000035Rev: 44 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-recon

alert http $HOME_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning"; content:"GET"; http_method; content:"://"; fast_pattern; distance:0; http_raw_uri; pcre:"/^\w+\s+\w+:\/\/\S+\s+.*?[\r\n].*?Host:[ \t]+[\w\.:]+\b/is"; pcre:! "/^\w+\s+\w+:\/\/([^\/\s:#]+)[\/\s:#]\S*.+?Host:[ \t]*\1\S*\b/is"; reference:url, bugs.squid-cache.org/show_bug.cgi?id=4501; reference:cve, 2016-4554; classtype:attempted-recon; reference:url, github.com/ptresearch/AttackDetection; sid:10000035; rev:4;)

References

url	bugs.squid-cache.org/show_bug.cgi?id=4501
cve	2016-4554
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!