Majority response status codes 1XX

firetail:majority-status-code-100

Type: Detection

Rule Severity: Info

Over half of an API's response status codes over a given time period were in the 1XX range.

The 1XX status codes in HTTP represent informational responses. They are typically sent as interim responses to indicate that the server has received the request headers and that the client should proceed with sending the request body or wait for the server's further instructions. When over half of an API's responses fall into this range, it may indicate unusual or unintended behavior, such as a misconfigured server, incomplete request handling, or an application issue.
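One way to run the same check over your own access logs, as an added example that is not FireTail's implementation. The record layout (timestamp, API name, status code), the one-hour window and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

WINDOW_SECONDS = 3600  # assumption: the rule only says "a given time period"

# Constructed sample records: (ISO-8601 timestamp, API name, HTTP status code).
SAMPLE_LOG = [
    ("2024-05-01T10:00:05+00:00", "uploads-api", 100),
    ("2024-05-01T10:00:06+00:00", "uploads-api", 201),
    ("2024-05-01T10:12:40+00:00", "uploads-api", 100),
    ("2024-05-01T10:31:02+00:00", "uploads-api", 100),
    ("2024-05-01T10:02:11+00:00", "orders-api", 200),
    ("2024-05-01T10:15:09+00:00", "orders-api", 101),
    ("2024-05-01T10:40:30+00:00", "orders-api", 200),
    ("2024-05-01T10:55:47+00:00", "orders-api", 404),
    ("2024-05-01T11:03:00+00:00", "uploads-api", 100),  # next window: exactly half
    ("2024-05-01T11:03:01+00:00", "uploads-api", 201),
]

def window_start(ts):
    """Floor a timestamp to the start of its evaluation window (epoch seconds)."""
    epoch = int(datetime.fromisoformat(ts).timestamp())
    return epoch - epoch % WINDOW_SECONDS

def majority_1xx(records):
    """Return one finding per (API, window) where 1XX responses are over half."""
    counts = defaultdict(Counter)
    for ts, api, status in records:
        if not 100 <= status <= 599:
            continue  # skip malformed status codes instead of miscounting them
        counts[(api, window_start(ts))][status // 100] += 1

    findings = []
    for (api, start), classes in sorted(counts.items()):
        total = sum(classes.values())
        informational = classes[1]
        if informational * 2 > total:  # strictly over half, not "half or more"
            findings.append({
                "api": api,
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
                "informational": informational,
                "total": total,
            })
    return findings

if __name__ == "__main__":
    for finding in majority_1xx(SAMPLE_LOG):
        print(finding)
```
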

Remediation

Investigate the API to verify if it should be returning a majority of responses with 1XX status codes.
