AnsweredAssumed Answered

Injected header parameter

Question asked by michaelg on Sep 26, 2013
Latest reply on Sep 27, 2013 by michaelg

Hi All,

 

I would like to ask you for help. Is it possible to force WAS not to check/scan injected custom header parameter?

Here are more details. We use some debug mode which we are able to switch off using Cookies. So when I use "header Injection" and put "Cookie: dbgm=off" the debug mode is switched off. Unfortunately know the parameter is known for WAS and it uses this parameter in scans and it causes a lot of F/P.

 

Any idea is appreciated.

 

Thank you

 

Michael

Outcomes