HTTP.Negative.Data.Length
Description
This signature indicates a possible attempt to exploit a buffer-overflow vulnerability in an HTTP server. The "Content-Length:" in an HTTP header indicates the data length in the HTTP request. The sender can give a negative value for the length value in an attempt to overflow the server buffer.
Affected Products
Any HTTP server may be vulnerable.
Impact
This is a protocol anomaly, which could lead to service failures (denial of service) and in some cases may allow an attacker to gain access to the affected device. Specific impact will vary depending on the product.
Recommended Actions
This indicates detection of traffic that does not comply with the protocol standard. Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |