(http_inspect) JUNK LINE BEFORE HTTP RESPONSE HEADER

The rule is designed to trigger an alert when it detects a junk line or invalid data before the response headers in an HTTP server's response. Normally, an HTTP response should start with a valid set of response headers, and any deviation from this expected format may indicate a potential issue or anomaly in the server's response.

Categories:

Cyber Attack
Preprocessor

ID Number

0000026

Signature

alert ( msg: "HI_SERVER_JUNK_LINE_BEFORE_RESP_HEADER"; sid: 26; gid: 120; rev: 1; metadata: policy max-detect-ips drop, rule-type preproc ; classtype:bad-unknown; )

MITRE ATT&CK Technique

Severity

Low

Recommendations/Investigative actions

Can be disabled will trigger many False Positives