HTTP: IIS Single Encoding (1)

This signature detects a single digit encoded in a URL. Microsoft Internet Information Services (IIS) uses special techniques to decode URLs. Attackers can be attempting to exploit these IIS techniques to evade detection by IDP.

Extended Description

An anomalous HTTP request is detected in which the Unicode-encoded forms of the "/" or "\" delimiter characters exist in a requested URL. The condition could be the result of a software error, or it could indicate malicious activity involving intentional transmission of Unicode-encoded delimiter strings is underway.

Short Name
HTTP:IIS:ENCODING:SINGLE-DIG-1
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(1) Encoding IIS Single
Release Date
03/17/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown

Found a potential security threat?