Intrusion PreventionHTTP.Negative.Content.Length
Description
This signature indicates a possible attempt to exploit a Buffer Overflow vulnerability in an HTTP server.
The "Content-Length:" in an HTTP header indicates the data length in the HTTP request. The sender can provide a negative value for the length value in an attempt to overflow the server's buffer.
Affected Products
Any HTTP server may be vulnerable
Impact
This is a protocol anomaly. Specific impact will vary depending on the product.
Recommended Actions
This indicates detection of traffic that does not comply with the protocol standard.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-02-07 | 14.544 | Sig Added |
| 2019-01-29 | 14.536 | Sig Added |
| 2019-01-25 | 14.535 | Sig Added |
| 2019-01-25 | 14.534 | Sig Added |
References
44284| ID | 43686 |
| Created | Feb 23, 2017 |
| Updated | Nov 03, 2021 |
| Risk |
|
| CVE ID | CVE-2011-3491 CVE-2020-8758 CVE-2008-4478 |
| Exploit Prediction Score | 92.76% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | All |