Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:OVERFLOW:AUTH-OVFLW

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 http authorization overflow

Release Date

 2004/01/23

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Auth Overflow


This protocol anomaly is an HTTP header with an authorization line that exceeds the user-defined maximum. HTTP Maximum Authorization default setting: 512. You can change this setting in the IDP Manager: Select a security policy from Security Policies, select the Sensor Settings tab. Change Protocol Thresholds and Configuration > HTTP > Maximum Authorization length. For Netscreen-Security Manager, perform the following: In the device navigation tree, select Security > IDP SM Settings, select the Protocol Thresholds and Configuration tab. Under HTTP, click the Show button. Set the Maximum Authorization length to the new value and click OK.

Extended Description

Authorization strings that are larger than the administrator-defined maximum length value are protocol anomalies and should be detected.

References

  • CVE: CVE-2008-2234
  • URL: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
  • URL: http://www.ietf.org/rfc/rfc3548.txt
  • URL: http://www.faqs.org/rfcs/rfc2617.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out