Bug ID 420378: Attack Type of "Illegal HTTP Status" violation should be "Information Leakage" instead of "HTTP Parser Attack"

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0

Fixed In:
11.5.0

Opened: May 02, 2013
Severity: 3-Major
Related AskF5 Article:
K51400053

Symptoms

The "Illegal HTTP Status" violation is mistakenly reported as an "HTTP Parser Attack" attack type, but it should be an "Information Leakage" attack type.

Impact

Wrong attack type.

Conditions

F5 consultant found "Violation: Illegal HTTP status in response" was marked as "Attack Type: HTTP Parser Attack" please see \\athens\siteconfig\1-188898302\apr_26\Capture.PNG

Workaround

This issue has no workaround at this time.

Fix Information

The "Illegal HTTP Status" violation is now correctly reported as an "Information Leakage" attack instead of an "HTTP Parser Attack" attack.

Behavior Change