Splunk AppDynamics
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Header Cookies Manipulation

CommunityUser
Splunk Employee
Splunk Employee
‎10-16-2019 08:08 AM

Hi, 

We are using AppDynamics EUM in our project and recently did a sonar security scan and we got a critical flag in adrum.js (latest version) where cookies are manupilated directly without any check (eg '\r' or '\n') which could result in sercurity vulnerabilities like "Response splitting", "Cache poisoning", "Cross Site Scripting" etc. Do we have a fix for this.

The security scan is HP Fortify Scan and this issue has severity as High from the scan.

Thanks

^ Edited by @Ryan.Paredez AppD Community Manager

Labels (1)
Labels
0 Karma
Reply

iamryan
Community Manager
Community Manager
‎10-18-2019 10:46 AM

Hi @Anonymous 

I recommend reporting this to support. Let me know if you have any trouble with this.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...