cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
554
Views
0
Helpful
4
Replies

Signature for Apache HTTP Server Chunk Encoding

garpend
Level 1
Level 1

Cisco: Has a signature for the recent Apache vulnerability been developed yet?

4 Replies 4

mlhall
Level 1
Level 1

Signature 5245 (from S21) will fire when someone attacks this vulnerability. More information at http://www.cisco.com/cgi-bin/front.x/csec/getIDSInfo.pl?SIG_ID=5245&SIG_SUB_ID=0

We are investigating a more specific signature.

any progress here?

Thanks!

-brkn

How safe to use present 5245 signature for blocking for this Apache chunk vulnerability??

Means what is percentage/ probability of False Positive??

Signature 5245 is a valid signature for detecting the Apache vulnerability.

It is very unlikely that chunked-encoding transfers are occuring, but it is a slight possibility. In such a case use a RecordOfExcludedAddress to prevent the false positive.

There are no plans for another signatures for this vulnerability.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: