Tweet
Is this something to be worried about? It happens when I view posts on my VBBS:
HTTP_ActivePerl_Overflow
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Attack Category: Suspicious Activity
Anomalous network conditions or traffic patterns. A suspicious activity signature, for example, might detect two systems with identical IP addresses, a condition that indicates an attempted IP spoofing attack.
Description
Older versions of ActivePerl on Windows have a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code at the privilege level of the Web server process. This signature detects attempts to exploit the ActivePerl vulnerability through HTTP.
Links
CAN-2001-0815
BID 3526
Vulnerable Components
Activestate ActivePerl Version 5.6.1.629 and earlier on Windows</B> False Positive
This signature may not indicate malicious intent if ActivePerl versions other than those listed above are used or ActivePerl is not used at all. In this case, you can exclude this signature from monitoring.
HTTP_ActivePerl_Overflow
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Attack Category: Suspicious Activity
Anomalous network conditions or traffic patterns. A suspicious activity signature, for example, might detect two systems with identical IP addresses, a condition that indicates an attempted IP spoofing attack.
Description
Older versions of ActivePerl on Windows have a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code at the privilege level of the Web server process. This signature detects attempts to exploit the ActivePerl vulnerability through HTTP.
Links
CAN-2001-0815
BID 3526
Vulnerable Components
Activestate ActivePerl Version 5.6.1.629 and earlier on Windows</B> False Positive
This signature may not indicate malicious intent if ActivePerl versions other than those listed above are used or ActivePerl is not used at all. In this case, you can exclude this signature from monitoring.
Comment