Short Name |
HTTP:IIS:ENCODING:SINGLE-DIG-2 |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IIS Single Encoding (2) |
Release Date |
2005/03/17 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects a single digit encoded in a URL. Microsoft Internet Information Services (IIS) uses special techniques to decode URLs. Attackers can be attempting to exploit these IIS techniques to evade detection by IDP.
An HTTP request in which the Unicode-encoded forms of the "/" or "\" delimiter characters exist in a requested URL constitutes a protocol anomaly. The condition could be the result of a software error, or it could indicate malicious activity involving intentional transmission of Unicode-encoded delimiter strings is underway.