HTTP: Request Injection
This signature detects attempts to inject a potentially malicious HTTP request into a legitimate HTTP session. This can indicate a man-in-the-middle attack is taking place. Even if this is not part of the RFC more and more web application use a header that copy the request. Monitor the usage of such header as this could be seen as a false positive from this signature.
Extended Description
Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
Affected Products
Cisco wireless_lan_control,Sun java_system_web_server,Opera_software opera_web_browser
Short Name
HTTP:REQERR:REQ-INJECTION
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2009-3555 Injection Request bid:36935
Release Date
11/06/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Blue_coat_systems
Balabit
Sun
Gnu
Oracle
Slackware
Openvpn
Apache_software_foundation
Proftpd_project
Gentoo
Opera_software
Hp
Mozilla
Avaya
Ingate
Openoffice
Pardus
Ubuntu
Novell
Debian
Openssl_project
Voodoo_circle
Linksys
Ibm
Aruba_networks
Zeus_technology
Freebsd
Mandriva
Suse
Microsoft
F5
Red_hat
Research_in_motion
Cisco
Apple
Matrixssl
Rpath
Turbolinux
Hitachi
Innominate
Bsd_perimeter
Citrix
Netbsd
Vmware
CVSS Score
5.8