Intrusion Prevention

HTTP.Headers.End.With.LFCRCRLF

Description

This indicates detection of a malformed HTTP request.
This malformed HTTP request consists of a request line, various headers, an empty line, and an optional message body:
Request = Request-Line headers CRLF [message-body]
Request-Line = Method SP Request-URI SP HTTP-Version CRLF
Headers = *[Header]
Header = Field-Name ":" Field-Value LFCR
where CR represents the Carriage Return character while LF represents the Line Feed character.

Affected Products

Any unprotected system is vulnerable to the attack.

Impact

This may indicate an attempted probe or attack.

Recommended Actions

The signature can be enabled to block this traffic.