Last Modified: Sep 13, 2023
17.1.0, 16.1.4, 15.1.7
Opened: Jun 02, 2022 Severity: 4-Minor
ASM does not enforce incoming HTTP requests where the request line and the first header are separated with a line feed ('\n').
Invalid requests might pass through ASM enforcement.
Any HTTP request with a line feed only at the end of the request line will not be enforced.
HTTP requests with LF('\n') as the only separator between the request line and the first header are enforced, and "Unparsable request content" is reported.