HTTP: Invalid Chunk Length
This protocol anomaly triggers when an invalid chunk length specification in a chunked transfer encoded HTTP request is detected. RFC-2616#3.6.1 specifies that the size of a chunk should be represented using hexadecimal notation.
Extended Description
A buffer overflow in the HTR ISAPI extension has been reported for Microsoft IIS (Internet Information Services). This condition affects IIS 4.0, IIS 5.0 and may be effectively mitigated by disabling the extension. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.
Affected Products
Microsoft iis
Short Name
HTTP:OVERFLOW:INV-CHUNK-LEN
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CA-2002-17 CVE-2002-0392 bid:101590 bid:4474 sans top20
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3570
False Positive
Rarely
Vendors
Cisco
Microsoft
CVSS Score
7.5