Intrusion Prevention

HTTP.Negative.Content.Length

Description

This signature indicates a possible attempt to exploit a buffer overflow vulnerability in an HTTP server.
The "Content-Length:" field in an HTTP header gives the length of the data in the HTTP request. A sender can supply a negative value for this field in an attempt to overflow the server's buffer.
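
A strict check for the anomaly described above, as an added example that is not part of the original signature page or of any vendor's detection code: it accepts a Content-Length only when it is an unsigned decimal number (the form the HTTP specification allows) and flags everything else, including negative values. The function names and the 1 MiB `MAX_BODY_BYTES` cap are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define MAX_BODY_BYTES (1u << 20) /* assumed policy limit (1 MiB), not from the page */

/* Strictly parse a Content-Length value as digits only.
 * Returns 0 and stores the length, or -1 for a sign, empty value,
 * non-digit character, or a value above MAX_BODY_BYTES. */
int parse_content_length(const char *v, size_t *out)
{
    size_t n = 0;
    while (*v == ' ' || *v == '\t') v++;          /* optional leading whitespace */
    if (!isdigit((unsigned char)*v)) return -1;   /* rejects "-1", "+5", "" */
    for (; isdigit((unsigned char)*v); v++) {
        n = n * 10 + (size_t)(*v - '0');
        if (n > MAX_BODY_BYTES) return -1;        /* checked per digit: n cannot wrap */
    }
    while (*v == ' ' || *v == '\t') v++;          /* optional trailing whitespace */
    if (*v != '\0') return -1;                    /* trailing garbage, e.g. "10abc" */
    *out = n;
    return 0;
}

/* Scan a CRLF-separated header block. Returns 1 if a valid Content-Length
 * was found (last value stored), 0 if none is present, -1 on an anomaly. */
int check_headers(const char *h, size_t *len_out)
{
    static const char name[] = "content-length:";
    const size_t nlen = sizeof name - 1;
    int found = 0;
    while (*h) {
        const char *eol = strstr(h, "\r\n");
        size_t linelen = eol ? (size_t)(eol - h) : strlen(h);
        if (linelen >= nlen && strncasecmp(h, name, nlen) == 0) {
            char val[32];
            size_t vlen = linelen - nlen;
            if (vlen >= sizeof val) return -1;    /* oversized value */
            memcpy(val, h + nlen, vlen);
            val[vlen] = '\0';
            if (parse_content_length(val, len_out) != 0) return -1;
            found = 1;
        }
        h = eol ? eol + 2 : h + linelen;
    }
    return found;
}
```

Parsing into an unsigned type with an explicit cap, rather than into a signed integer that is later used as a size, is what keeps a value such as `-1` from ever reaching a buffer allocation or copy.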

Affected Products

Any HTTP server may be vulnerable.

Impact

This is a protocol anomaly, which could lead to service failures (denial of service) and in some cases may allow an attacker to gain access to the affected device. Specific impact will vary depending on the product.

Recommended Actions

This indicates detection of traffic that does not comply with the protocol standard.
Monitor the traffic from that network for any suspicious activity.

CVE References

CVE-2011-3491
CVE-2008-4478

Other References

44284