https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022019-03-11T13:39:56ZOpen Information Security FoundationSuricata - Bug #2619: Malformed HTTP causes FN using http_header_names;https://redmine.openinfosecfoundation.org/issues/2619?journal_id=114002019-03-11T13:39:56ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>Philippe Antoine</i></li><li><strong>Target version</strong> set to <i>5.0beta1</i></li></ul> Suricata - Bug #2619: Malformed HTTP causes FN using http_header_names;https://redmine.openinfosecfoundation.org/issues/2619?journal_id=117112019-04-02T09:04:09ZPhilippe Antoine
<ul></ul><p>Thanks Travis for this report.<br />These false negatives are due to the missing protocol field in the request line.<br />LibHTP interprets this as HTTP 0.9 which has no headers.</p>
<p>Python http.server interprets correctly the headers if we forget this protocol field.<br />I will do a fix checking if line looks like a header one</p> Suricata - Bug #2619: Malformed HTTP causes FN using http_header_names;https://redmine.openinfosecfoundation.org/issues/2619?journal_id=118862019-04-29T07:47:39ZVictor Julienvictor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>5.0beta1</i> to <i>5.0rc1</i></li></ul> Suricata - Bug #2619: Malformed HTTP causes FN using http_header_names;https://redmine.openinfosecfoundation.org/issues/2619?journal_id=135802019-09-13T08:46:08ZPhilippe Antoine
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li></ul><p><a class="external" href="https://github.com/OISF/suricata-verify/pull/30">https://github.com/OISF/suricata-verify/pull/30</a><br /><a class="external" href="https://github.com/OISF/libhtp/pull/236">https://github.com/OISF/libhtp/pull/236</a></p>