An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intendedReferenceshttps://github.com/zeek/zeek/issues/1798
