Rule Category

Alert Message

(http_inspect) LONG HEADER

Rule Explanation

HTTP header line exceeds 4096 bytes. This does not apply to the start line. Header line length includes both header field name and value.

What To Look For

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

MITRE ATT&CK Framework



For reference, see the MITRE ATT&CK vulnerability types here:


Rule Vulnerability

CVE Additional Information

Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
SeverityHIGH Base Score10.0
Impact Score10.0 Exploit Score10.0
Confidentiality ImpactCOMPLETE Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE Access Vector
AuthenticationNONE Ease of Access