CVE-2021-41732: 
Zeek vulnerability analysis and mitigation

A disputed HTTP request splitting vulnerability was discovered in Zeek version 4.1.0. The vulnerability allows attackers to split a single HTTP request into multiple requests, which can invalidate Zeek's HTTP-based security analysis capabilities. The issue was reported on September 24, 2021, and was marked as disputed because the vendor's position is that the observed behavior is intended (GitHub Issue).

The vulnerability affects Zeek's HTTP request parsing mechanism. When sending a specific HTTP POST request with a crafted payload and Content-Length header, Zeek incorrectly splits the request into multiple parts and misplaces request methods, hosts, and URIs. For example, a single request can be split into three separate entries in Zeek's logs, with incorrect parsing of request methods and URIs. The issue has been assigned a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) (NVD).

The vulnerability can lead to the invalidation of any Zeek HTTP-based security analysis, including Zeek's internal security plug-ins. This could potentially allow attackers to bypass security monitoring and analysis capabilities that rely on Zeek's HTTP parsing (GitHub Issue).