Short Name |
HTTP:INVALID:GZIP-TRANSACTION |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Release Date |
2016/06/23 |
Update Number |
2747 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This anomaly is triggered if a mismatch is detected between the indicated value "gzip" in the Content-encoding header and the actual data. The type of payload should start from the pattern "1f 8b" and if it doesn't, it may be an attempt by malware to obfuscate the payload and it will be detected by this anomaly.