HTTP: Unknown Request Verb
This signature detects an unknown, non-standard HTTP request command verb. This could be an attempt to tunnel another protocol over HTTP.
Extended Description
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Affected Products
Apache http_server
References
CVE: CVE-2011-3348
Short Name
HTTP:AUDIT:UNKNOWN-VERB
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2011-3348 Request Unknown Verb
Release Date
10/03/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3527
False Positive
Unknown
Vendors
Apache
CVSS Score
4.3