HTTP: Authorization Overflow
This protocol anomaly triggers when an HTTP Authorization header exceeds the user-defined maximum length. The default maximum is 1024 bytes; to change it, go to Sensor Settings Rulebase > Protocol Thresholds and Configuration > HTTP > Maximum Authorization Length.
Extended Description
Receiving such a message may indicate an attack attempt. The impact depends on how an HTTP server handles such a malformed message.
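The same length check can be reproduced over raw request bytes when triaging captures. The sketch below is an added example, not the sensor's implementation. It assumes the length is measured in bytes over the header value, with folded continuation lines joined. The function names and sample requests are constructed for illustration.

```python
MAX_AUTH_LEN = 1024  # default threshold stated on this page, in bytes

def authorization_values(raw):
    """Return every Authorization header value found in one raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]      # ignore the message body
    headers = []
    for line in head.split(b"\r\n")[1:]:     # skip the request line
        if line[:1] in (b" ", b"\t") and headers:
            # Folded continuation line: it extends the previous header value,
            # so a long value split across short lines is still counted whole.
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
        elif b":" in line:
            name, value = line.split(b":", 1)
            headers.append((name.strip().lower(), value.strip()))
    # Header names are case-insensitive and the header may appear more than once.
    return [v for n, v in headers if n == b"authorization"]

def check_request(raw, limit=MAX_AUTH_LEN):
    """Return (length, scheme) for each Authorization value longer than limit."""
    findings = []
    for value in authorization_values(raw):
        if len(value) > limit:
            scheme = value.split(b" ", 1)[0][:16].decode("ascii", "replace")
            findings.append((len(value), scheme))
    return findings

# Constructed sample requests (not taken from real traffic).
PREFIX = b"GET / HTTP/1.1\r\nHost: example.test\r\n"
NORMAL = PREFIX + b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"
LONG = PREFIX + b"authorization: Basic " + b"A" * 2000 + b"\r\n\r\n"
FOLDED = (PREFIX + b"Authorization: Basic " + b"A" * 600 +
          b"\r\n " + b"A" * 600 + b"\r\n\r\n")
AT_LIMIT = PREFIX + b"Authorization: Basic " + b"A" * 1018 + b"\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("long", LONG),
                       ("folded", FOLDED), ("at-limit", AT_LIMIT)]:
        print(label, check_request(req))
```

A value of exactly 1024 bytes passes, because the anomaly is defined as exceeding the maximum.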
References
BugTraq: 8375 9633 99569 37896
CVE: CVE-2003-0727
URL:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.8
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
http://www.ietf.org/rfc/rfc3548.txt
http://www.faqs.org/rfcs/rfc2617.html
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
http://www.kb.cert.org/vuls/id/216324
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
7.5
10.0
2.1
6.4