Splunk AppDynamics

Header Cookies Manipulation

CommunityUser
Splunk Employee
Splunk Employee

Hi, 

We are using AppDynamics EUM in our project and recently did a sonar security scan and we got a critical flag in adrum.js (latest version) where cookies are manupilated directly without any check (eg '\r' or '\n') which could result in sercurity vulnerabilities like "Response splitting", "Cache poisoning", "Cross Site Scripting" etc. Do we have a fix for this.

The security scan is HP Fortify Scan and this issue has severity as High from the scan.

Thanks

^ Edited by @Ryan.Paredez AppD Community Manager

Labels (1)
0 Karma

iamryan
Community Manager
Community Manager

Hi @Anonymous 

I recommend reporting this to support. Let me know if you have any trouble with this.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...