Hi,
Recently, I received the following alerts.
ATTACK [PTsecurity] Buffer Overflow via Negative HTTP Chunk size number (FFMPEG CVE-2016-10190, WGET CVE-2017-13089, CVE-2017-13090)
The rule has two keywords that I don’t understand:
app-layer-event:http.invalid_response_chunk_len;
pcre: "/^\s*-[0-9A-Fa-f]+/Qs";
- What does http.invalid_response_chunk_len mean? And how can I get all the app-layer-event information?
- What does the last “s” mean in the pcre?
I can’t find the instructions in the Suricata documentation.
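
An added example, not part of the original post and not Suricata's own code: it applies the rule's pcre expression to each chunk-size line of a constructed chunked response body, to show the kind of input the alert name describes. The function name `walk_chunks`, the anomaly messages and the sample bodies are assumptions made for the illustration.

```python
import re

# The rule's expression without Suricata's Q buffer modifier. The trailing "s"
# is PCRE dotall, re.DOTALL here; this pattern has no ".", so it changes nothing.
NEGATIVE_CHUNK = re.compile(r"^\s*-[0-9A-Fa-f]+", re.DOTALL | re.ASCII)
HEX_SIZE = re.compile(r"\s*[0-9A-Fa-f]+\s*", re.ASCII)


def walk_chunks(body: bytes):
    """Walk a chunked HTTP body and return (chunks, anomalies)."""
    chunks, anomalies, pos = [], [], 0
    while pos < len(body):
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            anomalies.append((pos, "unterminated chunk-size line"))
            break
        # Drop any chunk extension (";name=value") before checking the size.
        size_field = body[pos:eol].split(b";", 1)[0].decode("latin-1")
        if NEGATIVE_CHUNK.match(size_field):
            # int(size_field, 16) would be negative here, as in any signed parse.
            anomalies.append((pos, "negative chunk size: " + size_field.strip()))
            break
        if not HEX_SIZE.fullmatch(size_field):
            anomalies.append((pos, "non-hex chunk size"))
            break
        size = int(size_field, 16)
        if size == 0:  # last-chunk marker
            break
        start, end = eol + 2, eol + 2 + size
        if body[end:end + 2] != b"\r\n":
            anomalies.append((pos, "chunk data not followed by CRLF"))
            break
        chunks.append(body[start:end])
        pos = end + 2
    return chunks, anomalies


# Constructed sample bodies, not captured traffic.
GOOD = b"5\r\nhello\r\n0\r\n\r\n"
BAD = b"5\r\nhello\r\n-FFFFFF00\r\nAAAA\r\n0\r\n\r\n"

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, walk_chunks(body))
```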