HTTP.Negative.Content.Length
Description
This signature indicates a possible attempt to exploit a Buffer Overflow vulnerability in an HTTP server.
The "Content-Length:" in an HTTP header indicates the data length in the HTTP request. The sender can provide a negative value for the length value in an attempt to overflow the server's buffer.
Affected Products
Any HTTP server may be vulnerable
Impact
This is a protocol anomaly. Specific impact will vary depending on the product.
Recommended Actions
This indicates detection of traffic that does not comply with the protocol standard.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-02-07 | 14.544 | Sig Added |
2019-01-29 | 14.536 | Sig Added |
2019-01-25 | 14.535 | Sig Added |
2019-01-25 | 14.534 | Sig Added |