BROWSER-IE -- Snort has detected traffic known to exploit vulnerabilities present in the Internet Explorer browser, or products that have the Trident or Tasman engines.
BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
This preprocessor fires when Snort detects Javascript obfuscation levels in excess of what it is configured to allow
Snort monitors how much obfuscation Javascripts on webpages use. When multiple levels are observed this alert is generated as excessive obfuscation is a suspicious practice.
Attacks/Scans seen in the wild
Known false positives, with the described conditions
In the modern web a sizeable amount of Javascript code is obfuscated in order to keep it moderately "secret". This is a practice that should be discouraged because it makes it harder to distinguish this code from malicious code trying to avoid inspection.
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2011-1262 |
Loading description
|
Tactic: Defense Evasion
Technique: Obfuscated Files or Information
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
