06-19-2002 08:04 PM - edited 03-08-2019 11:02 PM
Cisco: Has a signature for the recent Apache vulnerability been developed yet?
06-19-2002 11:48 PM
Signature 5245 (from S21) will fire when someone attacks this vulnerability. More information at http://www.cisco.com/cgi-bin/front.x/csec/getIDSInfo.pl?SIG_ID=5245&SIG_SUB_ID=0
We are investigating a more specific signature.
06-24-2002 10:35 AM
Any progress here?
Thanks!
-brkn
06-24-2002 03:20 PM
How safe is it to use the present 5245 signature for blocking for this Apache chunk vulnerability?
That is, what is the percentage/probability of a false positive?
06-24-2002 09:25 PM
Signature 5245 is a valid signature for detecting the Apache vulnerability.
It is very unlikely that chunked-encoding transfers are occurring, but it is a slight possibility. In such a case use a RecordOfExcludedAddress to prevent the false positive.
There are no plans for another signature for this vulnerability.