Rule: -- Sid: 1808 -- Summary: An attacker is using exploit code for the Apache chunked encoding vulnerability against your web server. -- Impact: If successful, this exploit can allow attackers to cause code of their choice to run on your server or cause a denial of service. -- Detailed Information: Older versions of the Apache HTTP server suffered from a bug in the routines that handled chunked encoding. This exploit takes advantage of this vulnerability. -- Affected Systems: Version of Apache 1.3 up to and including 1.3.24 and versions of Apache 2.0 up to 2.0.36. All versions of Apache 1.2 are vulnerable. Although this vulnerability is present in all ports of Apache, the exploit code detected by this signature appears to only work against systems running BSD. -- Attack Scenarios: An attacker can take advantage of a widely available exploit script to compromise the server. -- Ease of Attack: Simple. Exploit scripts are available. -- False Positives: None known. -- False Negatives: This signature detects specific exploit code that targets systems running BSD. It is certainly possible for this vulnerability to be exploited in ways other than those detected by this signature. -- Corrective Action: Ensure that you are running a version of Apache newer than those listed in the "affected systems" section. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Snort documentation contributed by Kevin Peuhkurinen -- Additional References: Apache http server project http://httpd.apache.org/info/security_bulletin_20020620.txt --