topic Header Cookies Manipulation in Splunk AppDynamics https://community.splunk.com/t5/Splunk-AppDynamics/Header-Cookies-Manipulation/m-p/739447#M11424 <P>Hi,&nbsp;</P> <P>We are using AppDynamics EUM in our project and recently did a sonar security scan and we got a critical flag in adrum.js (latest version) where cookies are manupilated directly without any check (eg '\r' or '\n') which could result in sercurity vulnerabilities like "Response splitting", "Cache poisoning", "Cross Site Scripting" etc. Do we have a fix for this.</P> <P>The security scan is <STRONG>HP Fortify Scan&nbsp;</STRONG>and this issue has severity as <STRONG>High </STRONG>from the scan.</P> <P>Thanks</P> <P>^ Edited by&nbsp;<A href="https://community.appdynamics.com/t5/user/viewprofilepage/user-id/142051">@Ryan.Paredez</A>&nbsp;AppD Community Manager</P> Wed, 16 Oct 2019 15:08:44 GMT CommunityUser 2019-10-16T15:08:44Z Header Cookies Manipulation https://community.splunk.com/t5/Splunk-AppDynamics/Header-Cookies-Manipulation/m-p/739447#M11424 <P>Hi,&nbsp;</P> <P>We are using AppDynamics EUM in our project and recently did a sonar security scan and we got a critical flag in adrum.js (latest version) where cookies are manupilated directly without any check (eg '\r' or '\n') which could result in sercurity vulnerabilities like "Response splitting", "Cache poisoning", "Cross Site Scripting" etc. Do we have a fix for this.</P> <P>The security scan is <STRONG>HP Fortify Scan&nbsp;</STRONG>and this issue has severity as <STRONG>High </STRONG>from the scan.</P> <P>Thanks</P> <P>^ Edited by&nbsp;<A href="https://community.appdynamics.com/t5/user/viewprofilepage/user-id/142051">@Ryan.Paredez</A>&nbsp;AppD Community Manager</P> Wed, 16 Oct 2019 15:08:44 GMT https://community.splunk.com/t5/Splunk-AppDynamics/Header-Cookies-Manipulation/m-p/739447#M11424 CommunityUser 2019-10-16T15:08:44Z Re: Header Cookies Manipulation https://community.splunk.com/t5/Splunk-AppDynamics/Header-Cookies-Manipulation/m-p/739448#M11425 <P>Hi&nbsp;@Anonymous&nbsp;</P> <P>I recommend reporting this to <A href="https://www.appdynamics.com/support/" target="_blank" rel="noopener nofollow noreferrer">support</A>. Let me know if you have any trouble with this.</P> Fri, 18 Oct 2019 17:46:33 GMT https://community.splunk.com/t5/Splunk-AppDynamics/Header-Cookies-Manipulation/m-p/739448#M11425 iamryan 2019-10-18T17:46:33Z