[Emerging-Sigs] Signature for Bash Exploit?

waldo kitty wkitty42 at windstream.net
Fri Sep 26 14:11:47 EDT 2014


On 9/25/2014 7:56 PM, Francis Trudeau wrote:
> There was a lot of them created over the past couple days.  They are
> all in OPEN so they should be widespread.
>
> 37 in total went out, with 30 of them being generic url-encode rules
> that are disabled by default.

are these disabled by default because they may appear in legitimate web pages or 
because they may FP a lot?

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.


More information about the Emerging-sigs mailing list