Check Point Reference: | SBP-2008-07 |
Date Published: | 25 May 2008 |
Severity: | High |
Last Updated: | Tuesday 01 January, 2008 |
Source: | SmartDefense Research Center |
Protection Provided by: | |
Who is Vulnerable? | HTTP Servers & Clients |
Vulnerability Description | Web servers and applications parse not only the URL, but also the rest of the HTTP header data. Incorrect parsing can lead to buffer overrun attacks and other vulnerabilities. Some exploits use the HTTP headers to cause damage. The exploit can be carried in standard headers (the Host header, for example) with custom values, or in custom headers. Such attacks can be blocked using signatures that are defined using regular expressions. Web Intelligence can provide protection against many HTTP threats, including preventing attacks that run malicious code on web servers or clients. SmartDefense allows Administrators to configure signatures that will be detected and blocked by Gateways. The SmartDefense subscription service regularly updates signature patterns for common malware. In addition, an Administrator can define custom header rejection patterns. |
Vulnerability Details | The Web Intelligence's Header Rejection tool can: |
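The regular-expression header signatures described under Vulnerability Description, sketched as an added example: this is not Check Point's implementation or SmartDefense signature syntax. The signature list, the length limits, the `X-Example-Custom` header name and the sample requests are all constructed for illustration.

```python
import re

# Hypothetical rejection signatures: (label, header-name regex, header-value regex).
# Constructed for illustration; not a vendor signature format.
SIGNATURES = [
    ("oversized Host value", re.compile(r"host", re.I), re.compile(r".{256,}", re.S)),
    ("control byte in value", re.compile(r".*", re.S), re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")),
    ("disallowed custom header", re.compile(r"x-example-custom", re.I), re.compile(r".*", re.S)),
]
MAX_HEADER_LINE = 8192  # assumed cap on a single header line, in bytes


def parse_headers(raw: bytes):
    """Return (name, value) pairs from a raw request head; raise ValueError if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:  # element 0 is the request line
        if len(line) > MAX_HEADER_LINE:
            raise ValueError("header line exceeds length cap")
        name, sep, value = line.partition(b":")
        # No colon, empty name, or whitespace around the name: refuse to guess.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.decode("latin-1"), value.strip(b" \t").decode("latin-1")))
    return headers


def check_request(raw: bytes):
    """Return one reason per matched signature; an empty list means accept."""
    try:
        headers = parse_headers(raw)
    except ValueError as exc:
        return [str(exc)]  # fail closed on anything the parser cannot read
    return [
        f"{name}: {label}"
        for name, value in headers
        for label, name_re, value_re in SIGNATURES
        if name_re.fullmatch(name) and value_re.search(value)
    ]


# Constructed sample requests.
CLEAN = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
LONG_HOST = b"GET / HTTP/1.1\r\nHost: " + b"A" * 300 + b"\r\n\r\n"
CUSTOM = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Example-Custom: 1\r\n\r\n"

if __name__ == "__main__":
    for sample in (CLEAN, LONG_HOST, CUSTOM):
        print(check_request(sample) or "accept")
```

A request the parser cannot read is rejected rather than passed through, so a malformed header line cannot be used to slip past the signatures.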