Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:IMG:NOT-JPEG |
|---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
not jpeg |
Release Date |
2005/10/28 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Data is Not JPEG
This anomaly is triggered if a mismatch is detected between the content type "image/jpeg" and the actual data. The JPEG data should start from the pattern "ff d8 ff." Recent malware Command and Control ("C&C") channels use encrypted data with "jpeg" file extensions, but they are not well-formed JPEG files and will be detected by this anomaly.
Extended Description
None
References
- CVE: CVE-2019-5129
- URL: http://www.obrador.com/essentialjpeg/headerinfo.htm
- URL: http://labs.alienvault.com/labs/index.php/2013/latest-adobe-pdf-exploit-used-to-target-uyghur-and-tibetan-activists/
- URL: http://www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf