CRWAE1408W

The target server sent a malformed response

This error occurs if the server returns a malformed HTTP response. A response is considered malformed if any of these RFC requirements is not met:
  • Line endings must be CRLF; CR or LF alone is not allowed.
  • Header names must not contain spaces.
  • If multiple status lines exist, all additional status lines are treated as malformed header name-value pairs.
  • The status line must have a status description, in addition to a status code.
  • Header names cannot have non-ASCII characters.
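
To see which of the rules above a given response breaks before deciding whether to relax validation, the raw response head can be checked directly. The following Python script is an added example, not part of the product or its documentation; the function name `check_response_head` and the sample response are constructed for illustration.

```python
import re

# One line of input plus its terminator; "\r\n" is tried before a bare CR or LF.
LINE = re.compile(rb"([^\r\n]*)(\r\n|\r|\n|\Z)")
EOL_NAME = {b"\r": "CR", b"\n": "LF"}

def check_response_head(raw):
    """Return a list of findings for the status line and headers of a raw response."""
    findings, lines = [], []
    for number, match in enumerate(LINE.finditer(raw), start=1):
        text, eol = match.groups()
        if eol in EOL_NAME:
            findings.append(f"line {number}: bare {EOL_NAME[eol]} line ending")
        if not text:  # blank line (or end of input) ends the header section
            break
        lines.append((number, text))
    if not lines:
        return findings
    number, status = lines[0]
    parts = status.split(b" ", 2)  # version, status code, status description
    if len(parts) < 3 or not parts[2].strip():
        findings.append(f"line {number}: status line has no status description")
    for number, text in lines[1:]:
        if text.startswith(b"HTTP/"):
            findings.append(f"line {number}: additional status line")
            continue
        if text[:1] in (b" ", b"\t"):  # folded continuation line, carries no name
            continue
        name = text.partition(b":")[0]
        if b" " in name or b"\t" in name:
            findings.append(f"line {number}: space in header name")
        if any(byte > 0x7F for byte in name):
            findings.append(f"line {number}: non-ASCII character in header name")
    return findings

# Constructed sample: a response head that breaks each of the five rules once.
SAMPLE = (b"HTTP/1.1 200\r\n"
          b"Content Type: text/html\r\n"
          b"X-Caf\xc3\xa9: 1\n"
          b"HTTP/1.1 200 OK\r\n"
          b"\r\n<html></html>")

if __name__ == "__main__":
    for finding in check_response_head(SAMPLE):
        print(finding)
```

Save the raw bytes of the response (for example, from a proxy or packet capture) and pass them to `check_response_head`; an empty list means none of the five rules is violated.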

The following steps relax the validation of HTTP headers and might expose the Manual Explorer client to attacks that come from the server. However, receiving this message does not necessarily mean that the target server is attempting an attack; the server might simply be non-RFC-compliant.

  1. Close Manual Explorer.
  2. Create a file named ManualExplore.exe.config in the Manual Explorer installation directory (for example, C:\Program Files (x86)\HCL\AppScan Manual Explorer).
  3. Add this text to the file and save it.

    <?xml version="1.0"?>
    <configuration>
      <system.net>
        <settings>
          <httpWebRequest useUnsafeHeaderParsing="true" />
        </settings>
      </system.net>
    </configuration>

  4. Run Manual Explorer.