Details | |
---|---|
Alert ID | 40038 |
Alert Type | Active |
Status | beta |
Risk | Medium |
CWE | |
WASC | |
Technologies Targeted | All |
Tags | OWASP_2017_A05 OWASP_2021_A01 POLICY_QA_FULL WSTG-V42-ATHN-04 |
Summary
Bypassing 403 endpoints may be possible: the scan rule sent a payload that caused the response to be accessible (status code 200).
Solution
Other Info
References
- https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- https://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass