Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 936

Network and Security Manager Administration Guide
HTTP:APACHE:MOD-NTLM-BOF1
HTTP:APACHE:MODPHP-UPLOAD-HOF
HTTP:APACHE:NOSEJOB
HTTP:APACHE:PHP-INVALID-HDR
HTTP:APACHE:REDHAT-DIRLIST
HTTP:APACHE:RESIN-WEB-INF
HTTP:APACHE:SCALP
HTTP:AUDIT:MSNG-HTTP-VER
HTTP:AUDIT:UNKNWN-REQ
886
This signature detects buffer overflow attempts against
Apache Web server. An Apache Web server uses mod_ntlm
(an Apache 1.x and 2.x module) to authenticate users against
a Microsoft Windows Domain Controller. Attackers may send
long or malformed strings to mod_ntlm using the
Authorization HTTP header, overflow the buffer, then
execute arbitrary code on the Web server.
This signature detects heap overflow attempts against
mod_php in Apache. Attackers may send a maliciously
crafted HTTP POST request to execute arbitrary code on
the server.
This signature detects attempts to exploit a vulnerability in
Apache Web servers. Apache improperly calculates required
buffer sizes for chunked encoded requests due to a signed
interpretation of an unsigned integer value. Attackers may
send chunked encoded requests with the unique Host header
value "Apache-nosejob.c." in the GET request to create a
buffer overflow and execute arbitrary code.
This signature detects denial-of-service attempts against
the Apache HTTP daemon. PHP versions 4.2.0 and 4.2.1
running on Apache 1.3.26 are vulnerable. Attackers may use
invalid headers in an HTTP request to crash the Apache
HTTP daemon; the daemon may require a manual restart.
By submitting a malformed HTTP GET request to an Apache
server using the default configuration supplied with several
versions of RedHat Linux an attacker can cause the web
server to return a listing of the contents of that directory,
even if an index page is present.
This signature detects attempts to exploit a flaw in Resin
2.1.12, a Java Scriptlet server. Attackers can send malformed
URL requests to a server to allow access to a normally
protected subdirectory, the WEB-INF directory.
This signature detects attempts to exploit a vulnerability in
Apache Web servers. Apache improperly calculates required
buffer sizes for chunked encoded requests due to a signed
interpretation of an unsigned integer value. Attackers may
send chunked encoded requests with the unique Host header
value "apache-scalp.c." in the GET request to create a buffer
overflow and execute arbitrary code.
This protocol anomaly is an HTTP request with no version
number after the 'HTTP/...'. This may indicate command line
access to an HTTP server.
This protocol anomaly is an unknown HTTP request. Known
requests are OPTION, GET, HEAD, POST, PUT, DELETE,
TRACE, and CONNECT.
high sos5.0.0,
sos5.1.0
critical sos5.1.0
critical sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
low sos5.1.0
medium sos5.0.0,
sos5.1.0
critical sos5.0.0,
sos5.1.0
info sos5.1.0
info sos5.1.0
Copyright © 2010, Juniper Networks, Inc.