Bug ID 420378: Attack Type of "Illegal HTTP Status" violation should be "Information Leakage" instead of "HTTP Parser Attack"

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0

Fixed In:

Opened: May 02, 2013

Severity: 3-Major

Related Article: K51400053


The "Illegal HTTP Status" violation is mistakenly reported as an "HTTP Parser Attack" attack type, but it should be an "Information Leakage" attack type.


Wrong attack type.


F5 consultant found "Violation: Illegal HTTP status in response" was marked as "Attack Type: HTTP Parser Attack" please see \\athens\siteconfig\1-188898302\apr_26\Capture.PNG


This issue has no workaround at this time.

Fix Information

The "Illegal HTTP Status" violation is now correctly reported as an "Information Leakage" attack instead of an "HTTP Parser Attack" attack.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips