For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Sep 28, 2016

ASM Violation "HTTP Header Injection"

Hi Folks,   in the last days I saw the violation "HTTP Header Injection" very often in my manual traffic learning. When looking at the request I can't really understand, what causes this violation...
ASM Advanced WAF
security
svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Oct 14, 2016

I've tried to remove sensitive data from the full request, to post it, but the relevant part of the request contains the sensitive data. So removing or replacing it, wont help to find the cause for it.

 

I saw this HTTP Header Injection suddenly on every single installation I've done. I thought of an issue with the signature database, but currently there is no update. I will do as you have suggested and open a support case for this.

 

Thanks for your help.

 

Greets, svs