(http_inspect) OVERSIZE REQUEST-URI DIRECTORY

Oversized Request-URI directories in HTTP requests can sometimes indicate attempts to exploit vulnerabilities in web applications or to carry out attacks such as directory traversal, which aim to access files or directories outside of the web server's intended directory structure. The "http_inspect" preprocessor in Snort monitors HTTP traffic and triggers this alert when it encounters a request with an excessively large Request-URI directory.

ID Number

0000015

Signature

alert ( msg: "HI_CLIENT_OVERSIZE_DIR"; sid: 15; gid: 119; rev: 1; metadata: policy max-detect-ips drop, rule-type preproc, service http ; classtype:bad-unknown; reference:cve,2007-0774; reference:bugtraq,22791; reference:cve,2010-3281; reference:bugtraq,43338; reference:cve,2011-5007; )

MITRE ATT&CK Technique

-

Severity

Low

Recommendations/Investigative actions

Can be disabled; it will trigger many false positives.
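
To gauge how noisy this alert would be on your own traffic before disabling it, the following added example (not part of Snort or of the original entry) approximates the check over HTTP request lines. The 300-character threshold, the function names and the sample requests are assumptions, and the sensor's own counting may differ in detail.

```python
from urllib.parse import urlsplit

# Assumption: 300 is the commonly suggested value for http_inspect's
# oversize_dir_length option; use the value your sensor is configured with.
OVERSIZE_DIR_LENGTH = 300


def longest_segment(request_line):
    """Return the length of the longest path segment in the Request-URI.

    Simplification (assumption): every slash-delimited segment before the
    query string is measured on its raw bytes, without percent-decoding.
    """
    parts = request_line.split()
    if len(parts) < 2:
        return 0  # not a parsable request line
    target = parts[1]
    if "://" in target.split("?", 1)[0]:
        # absolute-form target (proxy request): drop scheme and host
        path = urlsplit(target).path
    else:
        path = target.split("?", 1)[0].split("#", 1)[0]
    return max((len(seg) for seg in path.split("/")), default=0)


def would_alert(request_lines, threshold=OVERSIZE_DIR_LENGTH):
    """Return (segment_length, request_line) for each line over the threshold."""
    hits = []
    for line in request_lines:
        length = longest_segment(line)
        if length > threshold:
            hits.append((length, line))
    return hits


# Constructed sample request lines (not taken from real traffic).
SAMPLE = [
    "GET /index.html HTTP/1.1",
    "GET /static/" + "A" * 400 + "/app.js HTTP/1.1",        # long directory
    "GET /search?q=" + "B" * 900 + " HTTP/1.1",              # long query only
    "GET http://example.com/img/" + "c" * 320 + "/x.png HTTP/1.1",  # absolute-form
    "GET /assets/" + "d" * 300 + "/ok.css HTTP/1.1",         # exactly at the limit
]

if __name__ == "__main__":
    for length, line in would_alert(SAMPLE):
        print(f"{length:5d}  {line[:60]}...")
```

Running it over request lines extracted from web server logs with different thresholds shows which legitimate URLs would fire, which helps decide between raising the threshold and disabling the alert.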