Difference between revisions of "WAF 340613"

From Atomicorp Wiki
(Created page with ''''Rule ID''' 340613 '''Alert Message''' Atomicorp.com WAF Rules: Invalid character in request or headers '''Description''' This rule checks for the NULL character in a…')
 
m
 
(One intermediate revision by one user not shown)
Line 13: Line 13:
 
'''False Positives'''
 
'''False Positives'''
  
This can be triggered if an application legitimately uses  
+
This can be triggered if an application legitimately uses a NULL as a value for a Header.  This has only been seen used for some Cookies, and should never be seen for URLs, File Names or Header Names.
  
 
It recommended that you report this as a false positive so our security team can determine if this is a legitimate case, or if its clever attack on your systems.  Instructions to report false positives are details on the [[Reporting False Positives]] wiki page.
 
It recommended that you report this as a false positive so our security team can determine if this is a legitimate case, or if its clever attack on your systems.  Instructions to report false positives are details on the [[Reporting False Positives]] wiki page.
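Review bot: the unchanged context paragraph directly after the completed sentence still reads "It recommended that you report", "if its clever attack" and "are details on". Since this revision already touches the False Positives section, correct these in the same edit to "It is recommended", "if it is a clever attack" and "are detailed on".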
Line 19: Line 19:
 
'''Similar Rules'''
 
'''Similar Rules'''
  
[[WAF_340364]]
+
[[WAF_340614]]
  
 
'''Outside References'''
 
'''Outside References'''
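Review bot: under Similar Rules, [[WAF_340364]] is replaced by [[WAF_340614]] rather than listed alongside it, and the diff does not say whether 340364 was a wrong reference. State the reason in the edit summary, or keep both links if both rules are related. The Outside References heading in the trailing context has no entries; add a reference or drop the heading.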

Latest revision as of 17:47, 25 November 2009

Rule ID

340613

Alert Message

Atomicorp.com WAF Rules: Invalid character in request or headers

Description

This rule checks for the NULL character in any URI, Filename, Header name or Header, except for Cookies and special known cases. NULLs can be used to bypass certain security checks and are often used as part of evasion attacks on web application firewalls.

False Positives

This can be triggered if an application legitimately uses a NULL as a value for a Header. This has only been seen in some Cookies, and should never be seen in URLs, File Names or Header Names.

It is recommended that you report this as a false positive so our security team can determine whether this is a legitimate case or a clever attack on your systems. Instructions for reporting false positives are detailed on the Reporting False Positives wiki page.
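The check described under Description, with the Cookie exemption from False Positives, as an added Python example that is not Atomicorp's rule. The exemption set, the two rounds of percent-decoding for URIs and file names, and all function names are assumptions; the requests are constructed samples.

```python
from urllib.parse import unquote_to_bytes

# Assumption: the page names Cookies as the known legitimate case; the real
# rule's list of "special known cases" is not given on the page.
EXEMPT_HEADERS = {b"cookie"}

def has_nul(value: bytes, decode_rounds: int = 2) -> bool:
    """True for a raw NUL or one hidden behind up to decode_rounds of %-encoding."""
    current = value
    for _ in range(decode_rounds):
        if b"\x00" in current:
            return True
        decoded = unquote_to_bytes(current)
        if decoded == current:      # nothing left to decode
            return False
        current = decoded
    return b"\x00" in current

def find_nul(uri: bytes, headers, filenames=()) -> list:
    """Return where a NUL was found: 'URI', 'FILENAME', 'HEADER_NAME', 'HEADER:<name>'."""
    hits = []
    if has_nul(uri):
        hits.append("URI")
    hits += ["FILENAME" for name in filenames if has_nul(name)]
    for name, value in headers:
        if b"\x00" in name:         # never legitimate in a header name
            hits.append("HEADER_NAME")
        elif name.lower() not in EXEMPT_HEADERS and b"\x00" in value:
            hits.append("HEADER:" + name.decode("latin-1").lower())
    return hits

# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    (b"/index.php?page=about", [(b"Host", b"example.test")], ()),
    (b"/view?file=report%00", [(b"Host", b"example.test")], ()),
    (b"/view?file=report%2500", [(b"Host", b"example.test")], ()),
    (b"/", [(b"Cookie", b"sid=ab\x00cd")], ()),
    (b"/", [(b"X-Trace", b"a\x00b")], ()),
    (b"/upload", [(b"Host", b"example.test")], (b"photo\x00.jpg",)),
]

if __name__ == "__main__":
    for uri, headers, files in SAMPLES:
        print(uri, "->", find_nul(uri, headers, files) or "clean")
```

The Cookie sample passes because of the exemption, which is why a NULL reported from any other location deserves the review the page recommends.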

Similar Rules

WAF_340614

Outside References
