Demarc just released a vulnerability alert on Snort. The vulnerability leads to evasion of URI content rules. When a carriage return is added to the end of a URL (before HTTP protocol declaration), Snort detection can be evaded. According to the alert, this vulnerability will affect thousands of detection rules in the standard rule base. Thanks to Ben McDougall for reporting this to us.
Please refer to the vulnerability alert for more details,
http://www.demarc.com/support/downloads/patch_20060531