MediumRealSecure Network, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, Proventia Network MFS, Proventia-G 1.1 and earlier, RealSecure Server Sensor, RealSecure Guard, RealSecure Desktop Protector, BlackICE Agent for Server, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection, BlackICE PC Protection, RealSecure Sentry:
This signature detects an overflow in the HTTP Connection field.
Medium
RealSecure Network: 7.0, Proventia Server IPS for Linux technology: 1.0, Proventia Desktop: 8.0.614.1, Proventia Network IPS: 2.0, Proventia Network MFS: 1.0, Proventia-G 1.1 and earlier: G Series, RealSecure Server Sensor: 7.0, RealSecure Guard: 3.6, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6
Various vendors Any application, Various vendors HTTP
Unauthorized Access Attempt
An HTTP request containing a malformed "Connection" field could indicate a remote attacker's attempt to execute arbitrary commands on the system. A normal HTTP "Connection" field should look similar to "Connection: Keep Alive".
No remedy available as of February 2002.
ISS X-Force
HTTP "Connection" field buffer overflow
http://www.iss.net/security_center/static/8234.php