Project

General

Profile

Actions

Bug #2881

open

http.protocol parsing inaccuracy

Added by chris lujan almost 4 years ago. Updated 3 days ago.

Status:
In Review
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
low
Label:

Description

Request:

GET /uid=0(root) gid=0(root) groups=0(root)asdf HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*

eve.json output:
"http":{"protocol":"gid=0(root) groups=0(root)asdf HTTP\/1.1"}

It appears that the http.protocol is matching too greedily with the space character and could use something like /\S+$/m instead.


Related issues 3 (0 open3 closed)

Related to Task #3479: libhtp 0.5.33 (4.1.x)ClosedPhilippe AntoineActions
Related to Task #3922: libhtp 0.5.35ClosedPhilippe AntoineActions
Related to Task #4667: libhtp 0.5.39ClosedVictor JulienActions
Actions

Also available in: Atom PDF