Signature Detail

HTTP: Authorization Overflow

This protocol anomaly triggers when an HTTP authorization header exceeds the user-defined maximum. The default length is 128; you can change this setting in the Sensor Settings Rulebase>Protocol Thresholds and Configuration>HTTP>Maximum Authorization Length.

Extended Description

Receiving such a message may indicate an attack attempt. The impact depends on how an HTTP server handles such a malformed message.

References

• URL: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.8