web-attacks
These signatures are generic signatures that will catch common commands used to exploit form variable vulnerabilities. These signatures should not false very often.
Please email example PCAP log dumps to snort-sigs@lists.sourceforge.net if you find one of these signatures to be too false possitive.