Intrusion Prevention

HTTP.Negative.Data.Length

Description

This signature indicates a possible attempt to exploit a buffer-overflow vulnerability in an HTTP server. The "Content-Length:" in an HTTP header indicates the data length in the HTTP request. The sender can give a negative value for the length value in an attempt to overflow the server buffer.

Affected Products

Any HTTP server may be vulnerable.

Impact

This is a protocol anomaly, which could lead to service failures (denial of service) and in some cases may allow an attacker to gain access to the affected device. Specific impact will vary depending on the product.

Recommended Actions

This indicates detection of traffic that does not comply with the protocol standard. Monitor the traffic from that network for any suspicious activity.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	107347978
Created	Sep 11, 2006
Updated	Apr 23, 2014
Risk
CVE ID	CVE-2011-3491
Exploit Prediction Score	2.73%
Default Action	Unavailable
Active

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

HTTP.Negative.Data.Length

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

HTTP.Negative.Data.Length

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center