
    Activity Processors: Method Processor: Incident - Unknown HTTP Protocol

    Complexity: Medium (3.0)

    Default Response: 1x = Slow Connection 2-6 seconds & 1 Hour Clear Inputs

    Cause: HTTP comes in several different versions, and each request a client issues to the web server specifies which one it uses. The acceptable standard versions are 0.9, 1.0, and 1.1. Any other protocol represents a non-standard HTTP request issued by a non-standard HTTP client. Under nearly every legitimate use case, there is no reason either to omit the protocol or to provide one that is not standard. This incident triggers whenever a user submits a request that contains an unknown protocol version. This represents a clear violation of the HTTP protocol RFC specifications. The only time this should be acceptable behavior is if the web application intentionally uses a non-standard protocol; however, this should rarely, if ever, be the case.

    Behavior: This incident is likely to occur when an attacker is attempting to create a custom attack script against the web site. They may have mistyped the protocol value, or they may be intentionally using a non-standard value to prevent one of the devices that processes the request from functioning as intended. For example, an attacker may submit a request with an invalid protocol of 11.1 in an effort to break security devices protecting the web server. These security devices may not be able to handle non-standard protocols correctly and, as a result, may allow malicious requests to reach the backend unmodified.
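
An added example, not part of the original page or the product's own logic: a strict request-line check that flags any protocol token other than the versions listed under Cause, so a lenient downstream parser never sees it. The function names, the separate `missing_protocol` verdict and the sample request lines are assumptions constructed for illustration.

```python
import re

# Versions the page lists as acceptable standard versions.
STANDARD_VERSIONS = {"0.9", "1.0", "1.1"}

# Request line layout: METHOD SP TARGET [SP PROTOCOL], single spaces only.
_REQUEST_LINE = re.compile(r"^(?P<method>\S+) (?P<target>\S+)(?: (?P<proto>.*))?$")
# The protocol name is case-sensitive, so "http/1.1" does not match.
_PROTOCOL = re.compile(r"^HTTP/(?P<version>\d+\.\d+)$")


def classify_request_line(line):
    """Return (verdict, detail) for one raw HTTP request line."""
    m = _REQUEST_LINE.match(line.rstrip("\r\n"))
    if m is None:
        return ("malformed", line)
    proto = m.group("proto")
    if proto is None:
        # Assumption of this example: an omitted protocol gets its own verdict.
        return ("missing_protocol", "")
    p = _PROTOCOL.match(proto)
    if p is None or p.group("version") not in STANDARD_VERSIONS:
        return ("unknown_protocol", proto)
    return ("standard", p.group("version"))


def find_incidents(lines):
    """Return (line_number, verdict, detail) for every non-standard line."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict, detail = classify_request_line(line)
        if verdict != "standard":
            hits.append((number, verdict, detail))
    return hits


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /index.html HTTP/1.1\r\n",
    "POST /login HTTP/1.0\r\n",
    "GET /index.html HTTP/11.1\r\n",   # the invalid value the page mentions
    "GET /index.html http/1.1\r\n",    # wrong case in the protocol name
    "GET /index.html HTTP/1.1 \r\n",   # trailing space after the version
    "GET /index.html\r\n",             # protocol omitted
]

if __name__ == "__main__":
    for hit in find_incidents(SAMPLE):
        print(hit)
```

The match is deliberately exact: near-misses such as a lowercase name or trailing whitespace are reported, not normalized, because two devices normalizing the same line differently is how a request reaches the backend unmodified.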

    Published: 2013-11-20