Signature Detail

Short Name: HTTP:OVERFLOW:USER-AGENT
Severity: Minor
Recommended: No
Category: HTTP
Release Date: 2004/02/12
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: User Agent Overflow


This protocol anomaly triggers when the length of an HTTP User-Agent header exceeds the user-defined maximum. The default maximum is 512; to change it, go to Sensor Settings Rulebase > Protocol Thresholds and Configuration > HTTP > Maximum User-Agent length.
