Skip to content

April 2, 2010

Malformed HTTP Content-Type value from Apache-Coyote 1.1

by Joe Kuan

Couple days ago, I was maintaining AppQoS appliances at customer site and noticed that one of our analysis tables from the HTTP module produced some strange results.

The table displays all the HTTP traffic in terms of media type (MIME) and transaction size in descending order. So that the network administrator can quickly notify which users have been abusing the network with video, audio or other binary streams. However, one traffic displayed with media type string ‘Content-Type: text’ instead of ‘text’ which the AppQoS HTTP module should have already parsed the string ‘Content-Type:’.

Here is a tree view screenshot of the AppQoS module

So I launched a browser with that link and captured the data. In Wireshark, it shows that the Content-Type field in the HTTP response packet is indeed malformed. The web server which produced the response protocol is Apache-Coyote/1.1.

Here is a wireshark screenshot of the malformed HTTP packet.

I work for iTrinegy. Here are my other blogs on networking


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: