MS15-034 can be exploited with a GET request with a specially crafted Range header. Multiple ranges are allowed, whitespace is allowed and numbers can have leading zeroes. If the rule looks for string -18446744073709551615, then using string – in the attack (extra space character added) will evade detection. If you are using rules that don't detect these cases properly, then attackers can easily evade detection.”]
Source: https://blog.didierstevens.com/2015/04/17/ms15-034-detection-some-observations/
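
An added example, not part of the quoted post: a Python check that parses the Range header value before comparing, so the multiple-range, whitespace and leading-zero forms described above are evaluated numerically rather than by substring. The function names, the threshold default and the sample header values are assumptions constructed for illustration.

```python
import re

UINT64_MAX = 18446744073709551615  # the value quoted in the text above

# One range spec: optional first position, '-', optional last position,
# with whitespace tolerated around every token.
_SPEC = re.compile(r"^\s*([0-9]*)\s*-\s*([0-9]*)\s*$")

def _to_int(digits):
    """Convert a digit string, ignoring leading zeroes; None when empty."""
    if not digits:
        return None
    digits = digits.lstrip("0") or "0"
    # More than 20 significant digits is already above 2**64-1, so skip
    # parsing an arbitrarily long number and return a value over the limit.
    return UINT64_MAX + 1 if len(digits) > 20 else int(digits)

def parse_ranges(value):
    """Return [(first, last), ...] for a bytes Range value, else None."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        if not spec.strip():
            continue  # tolerate empty list elements
        m = _SPEC.match(spec)
        if m is None or not (m.group(1) or m.group(2)):
            return None
        ranges.append((_to_int(m.group(1)), _to_int(m.group(2))))
    return ranges or None

def is_suspicious(value, threshold=UINT64_MAX):
    """True when any position in any range reaches the threshold."""
    ranges = parse_ranges(value) or []
    return any(v is not None and v >= threshold for r in ranges for v in r)

def naive_rule(value):
    """The literal substring match the text warns about."""
    return "-18446744073709551615" in value

SAMPLES = [  # constructed Range header values
    "bytes=0-18446744073709551615",
    "bytes=0- 18446744073709551615",
    "bytes=0-018446744073709551615",
    "bytes=0-10, 20 - 0018446744073709551615",
    "bytes=0-499",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_rule(s)} parsed={is_suspicious(s)}")
```

A value that does not parse as a bytes range returns `None` from `parse_ranges` and is not flagged by `is_suspicious`; a production rule would normally log such values separately.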

