From: <no...@so...> - 2003-12-17 17:09:28
|
Update of /cvsroot/ijbswa/current In directory sc8-pr-cvs1:/tmp/cvs-serv24503 Modified Files: Tag: v_3_0_branch default.filter Log Message: Added remedy against IE address bar spoofing Index: default.filter =================================================================== RCS file: /cvsroot/ijbswa/current/default.filter,v retrieving revision 1.11.2.18 retrieving revision 1.11.2.19 diff -u -d -r1.11.2.18 -r1.11.2.19 --- default.filter 2 Dec 2003 11:25:27 -0000 1.11.2.18 +++ default.filter 17 Dec 2003 17:09:25 -0000 1.11.2.19 @@ -435,6 +435,10 @@ # s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU +# Address bar spoofing (http://www.secunia.com/advisories/10395/): +# +s/(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])/$1MALICIOUS-LINK/ig + # Nimda: # s%<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>%<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>%g @@ -481,11 +485,13 @@ # s|(<img [^>]*)onload|$1never|sig - ############################################################################## # # Revisions : # $Log$ +# Revision 1.11.2.19 2003/12/17 17:09:25 oes +# Added remedy against IE address bar spoofing +# # Revision 1.11.2.18 2003/12/02 11:25:27 oes # Fixed a line trashed in previous commit # |
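Review bot: In the first hunk (@@ -435,6 +435,10 @@), the two branches of the alternation `(\x01|\x02|\x03|%0[012])` do not cover the same bytes: the raw branch matches 0x01 to 0x03, while the URL-encoded branch matches %00 to %02. A link containing `%03` therefore passes unmodified even though its raw equivalent `\x03` is rewritten. Suggest `%0[0-3]` (or `%0[123]` if `%00` is not meant to be flagged), so that both encodings of the same byte are handled alike. Two smaller points on the same line: because `href[^>]*` is greedy and the match consumes the tag up to the flagged byte, only the last such byte in each `<a>` tag is replaced with `MALICIOUS-LINK`, and the pattern fires on a control byte anywhere after `href` in the tag, not only inside the href value. The comment above the rule gives only the advisory URL; one line stating which bytes are matched, and that `%0x` is their URL-encoded form, would make the rule easier to maintain.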