ASM Violation "HTTP Header Injection"
Hi Folks,
in the last days I saw the violation "HTTP Header Injection" very often in my manual traffic learning. When looking at the request I can't really understand, what causes this violation. Typically it's related to "0xa" within the request body. In fact this means just a newline. I know, that this can be used in form fields to inject protocol header (i.e. in SMTP), but in my case this is just HTTP and was a newline within the request. It appeared several times in the request, but only one was causing this violation.
Typically I would clear this violation and wait until it returns a second time, but I can't because this will block legal request. So today I can only see false positives for this kind of signatures.
I would like to share an example request with you, but for if I would strip the sensitive content, you wouldn't see the interesting parts. So for now I will try to get experiences from you related to this violation and maybe some more information about it and how to handle this violation (without just disable all the signatures).
Hopefully this is clear.
Thanks in advance.
Greets, svs