Intrusion Prevention

HTTP.Negative.Content.Length

Description

This signature indicates a possible attempt to exploit a Buffer Overflow vulnerability in an HTTP server.
The "Content-Length:" in an HTTP header indicates the data length in the HTTP request. The sender can provide a negative value for the length value in an attempt to overflow the server's buffer.

Affected Products

Any HTTP server may be vulnerable

Impact

This is a protocol anomaly. Specific impact will vary depending on the product.

Recommended Actions

This indicates detection of traffic that does not comply with the protocol standard.
Monitor the traffic from that network for any suspicious activity.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2019-02-07	14.544	Modified	Sig Added
2019-01-29	14.536	Modified	Sig Added
2019-01-25	14.535	Modified	Sig Added
2019-01-25	14.534	Modified	Sig Added

References

44284

ID	43686
Created	Feb 23, 2017
Updated	Nov 03, 2021
CVE ID
Risk
Exploit Prediction Score	60.77%
Default Action	drop
Active
Affected OS	All
Affected App	All
Profile Type	Numeric Errors

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

HTTP.Negative.Content.Length

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

HTTP.Negative.Content.Length

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Threat Intelligence
Center