Hi, regarding IDS signature 5930. This appears to be an old signature re-released with the recent asproxy vulnerabilities in mind. We have seen this fire with subsig 5 (asprox) and subsig 4 which detects " AND 1=1" in HTTP arguments. However when we look at the captures for subsig 4 alerts we are unable to find this argument in the capture anywhere (TAC currently raised).
Also, what is the best method of protecting against these vulnerablities - is it just a case of te developers ensuring that the code is not vulnerable? There is an MS test tool available to help with this http://support.microsoft.com/kb/954476.
Does anybody have any similar thoughts on this and the best way to defned against this?