Signature Detail

Short Name	HTTP:EXPLOIT:ILLEGAL-HOST-CHAR
Severity	Medium
Recommended	Yes
Category	HTTP
Keywords	Illegal Characters in Host Header Field
Release Date	2004/06/23
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Illegal Characters in Host Header Field

This signature detects illegal characters in a Host header field of an HTTP/1.1 request. Attackers can send an HTTP link, that, when selected by the user, generates an HTTP request to a malicious Web site. In your logs, the destination IP address for the event can be the malicious Web site; however, some foreign Web sites can also trigger this signature, creating a false positive.

Extended Description

Illegal characters in the host header field in an HTTP response could indicate an attempted attack.

References

URL: ftp://ftp.is.co.za/rfc/rfc1035.txt
URL: ftp://ftp.is.co.za/rfc/rfc3696.txt
URL: http://www.watersprings.org/pub/id/draft-klensin-name-filters-00.txt

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Illegal Characters in Host Header Field

Extended Description

References