[Snort-sigs] Anyone working on sigs for the Apache chunked encoding vulnerability?

Matt Kettler mkettler at ...189...
Tue Jun 18 08:43:05 EDT 2002


I'm wondering if anyone has a bit more information on this vulnerability so 
that we can start writing sigs for it.

Currently it looks like it's a DoS against any version of Apache on any 
platform, and potentially exploitable on win32 and some 64bit platforms.

The available information I can find so far indicates a lot about the high 
level structure of the problem, but so far (somewhat wisely) does not give 
much exploit detail. Unfortunately lack of such detail makes signature 
writing near impossible at this point, so I'm wondering if anyone has 
stumbled across more information than I have.

This is Apache's announcement:
http://httpd.apache.org/info/security_bulletin_20020617.txt

This is the ISS announcement (has some details Apache left out, but also 
misses some things that Apache figured out):

http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00189.html





More information about the Snort-sigs mailing list