Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Signature for Apache HTTP Server Chunk Encoding

Cisco: Has a signature for the recent Apache vulnerability been developed yet?

4 REPLIES
New Member

Re: Signature for Apache HTTP Server Chunk Encoding

Signature 5245 (from S21) will fire when someone attacks this vulnerability. More information at http://www.cisco.com/cgi-bin/front.x/csec/getIDSInfo.pl?SIG_ID=5245&SIG_SUB_ID=0

We are investigating a more specific signature.

New Member

Re: Signature for Apache HTTP Server Chunk Encoding

any progress here?

Thanks!

-brkn

New Member

Re: Signature for Apache HTTP Server Chunk Encoding

How safe to use present 5245 signature for blocking for this Apache chunk vulnerability??

Means what is percentage/ probability of False Positive??

New Member

Re: Signature for Apache HTTP Server Chunk Encoding

Signature 5245 is a valid signature for detecting the Apache vulnerability.

It is very unlikely that chunked-encoding transfers are occuring, but it is a slight possibility. In such a case use a RecordOfExcludedAddress to prevent the false positive.

There are no plans for another signatures for this vulnerability.

253
Views
0
Helpful
4
Replies
CreatePlease to create content