Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 923

HTTP:OVERFLOW:INV-CHUNK-LEN
HTTP:OVERFLOW:JANASRV-VER-OF
HTTP:OVERFLOW:LIBHTTPD-GET-OF
HTTP:OVERFLOW:METHOD-GENRC-OF
HTTP:OVERFLOW:NULLHTTPD-ROOT-OF
HTTP:OVERFLOW:PI3WEB-SLASH-OF
HTTP:OVERFLOW:REFERER
HTTP:OVERFLOW:SAMBAR-SEARCH
HTTP:OVERFLOW:SERVER
HTTP:OVERFLOW:SET-COOKIE
HTTP:OVERFLOW:TRANSFER-ENCODING
HTTP:OVERFLOW:USER-AGENT
HTTP:PHP:ALEXPHP-INCLUDE
Copyright © 2010, Juniper Networks, Inc.
This protocol anomaly is an invalid chunk length specification
in a chunked transfer encoded HTTP request. RFC-2616#3.6.1
specifies that the size of a chunk should be represented using
hexadecimal notation.
This signature detects buffer overflow attempts against
JanaServer HTTP Server, an Internet gateway for Windows.
JanaServer 2.21 and prior are vulnerable. Attackers may send
a maliciously crafted HTTP GET request to overflow the
buffer.
This signature detects buffer overflow attempts against
LibHTTPd. LibHTTPd 1.2 and earlier are vulnerable. Attackers
may send a maliciously crafted GET request to execute
arbitrary code on the host.
This signature detects buffer overflow attempts against
HTTP request methods. Attackers may send an invalid or
long HTTP request to overflow vulnerable buffers on the
target Web server.
This signature detects buffer overflow attempts against Null
HTTPD. Attackers may remotely send shellcode in a
maliciously crafted POST command to gain local access.
This signature detects denial-of-service (DoS) attempts
against Pi3Web Server. Attackers may send a URL with more
than 354 Slashes (/) to crash the server.
This protocol anomaly is an HTTP Referrer header length
that exceeds the user-defined maximum. The default length
is 8192.
This signature detects buffer overflow attempts against
Sambar Server, a free Web server. Attackers may include an
oversized HTTP header within a maliciously crafted request
to the server to execute arbitrary code.
DI has detected a suspiciously long Server header.
DI has detected a suspiciously long Set-Cookie header.
DI has detected a suspiciously long Transfer-Encoding
header.
This protocol anomaly is an HTTP User-Agent header length
that exceeds the user-defined maximum. The default length
is 258.
This signature detects attempts to exploit a remote file
inclusion vulnerability in AlexPHP. Attackers may send a
maliciously crafted HTTP request to execute PHP code from
a remote server on the host running AlexPHP.
Appendix E: Log Entries
high sos5.0.0,
sos5.1.0
medium sos5.1.0
high sos5.1.0
high sos5.1.0
critical sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
critical sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
high sos5.1.0
873