HTTP.Header.Overly.Long.Host.Field.Value
Description
This indicates detection of an HTTP request with an overly long HTTP Host field.
An overly long HTTP Host field is an anomaly and can be indicative of an attack attempt.
Outbreak Alert
CVE-2023-4966 is being widely exploited, with multiple threat actors, including ransomware groups, targeting internet-accessible NetScaler ADC and Gateway instances. After exploiting CVE-2023-4966, the attackers may engage in network reconnaissance, stealing account credentials and moving laterally via RDP.
Affected Products
Adobe Systems Macromedia JRun 3.0
Adobe Systems Macromedia JRun 3.1
Adobe Systems Macromedia JRun 4.0
Note that this vulnerability exists in the JRun connector for Apache only; connectors for other web servers are not affected.
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
NetScaler ADC 13.1-FIPS before 13.1-37.164
NetScaler ADC 12.1-FIPS before 12.1-55.300
NetScaler ADC 12.1-NDcPP before 12.1-55.300
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest upgrade or patch provided by the vendor.
Monitor the traffic from that network for any signs of suspicious activity.
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2019-01-16 | 14.524 | Modified | Sig Added |