Signature Detail

Short Name	HTTP:INVALID:INVLD-AUTH-LEN
Severity	High
Recommended	No
Category	HTTP
Keywords	Invalid Auth Length
Release Date	2004/01/23
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Invalid Auth Length

This protocol anomaly detects an HTTP header with an authorization string containing an invalid length (a length that is not a multiple of four). Because the authorization line is encoded/decoded using base64, the length must be a multiple of four (4).

Extended Description

It is a protocol anomaly when an HTTP header with an authorization string has a length that is not a multiple of 4.

References

URL: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
URL: http://www.ietf.org/rfc/rfc3548.txt
URL: http://www.faqs.org/rfcs/rfc2617.html

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Invalid Auth Length

Extended Description

References