SnortID.com - Search for SNORT ID's - Snort is a registered trademark of Sourcefire, Inc

Enter a Snort ID to lookup (e.g 1:269)

Search String: 119:7

N.B.: Maximum of 50 results are displayed

Sid	Summary	Impact	Detailed Information	Affected Systems	Attack Scenarios	Ease of Attack	False Positive	False Negative	Corrective Action	Contributors	Additional References
119:7	This event is generated when the pre-processor http_inspect detects network traffic that may constitute an attack.	Unknown. This may be an attempt to evade an IDS.	This event is generated when the pre-processor http_inspect detects Unicode encoded web requests. This may be an indicator of an obfuscated attack against a server as well as an attempt to evade an IDS. The Unicode map for the target servers can be generated for specific servers. Refer to the documentation for http_inspect for instructions. This event can be controlled using the ((http_inspect)) configuration options.	Microsoft IIS web servers.	The attacker merely needs to encode a request using Unicode characters.	Simple.	None Known.	None Known.	Check the target host for signs of compromise. Apply any appropriate vendor supplied patches.	Daniel Roelker Sourcefire Vulnerability Research Team Nigel Houghton	HTTP IDS Evasions Revisited - Daniel Roelker http://docs.idsresearch.org/http_ids_evasions.pdf