Short Name |
HTTP:OVERFLOW:COREHTTP-URI |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
CoreHTTP URI Parsing Overflow |
Release Date |
2013/02/06 |
Update Number |
2231 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in CoreHTTP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application. Failed exploit attempts could trigger a denial of service condition.
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.