| Details | |
|---|---|
| Alert ID | 40038 |
| Alert Type | Active |
| Status | beta |
| Risk | Medium |
| CWE | |
| WASC | |
| Technologies Targeted | All |
| Tags |
OWASP_2017_A05 OWASP_2021_A01 WSTG-V42-ATHN-04 |
Summary
Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200).
Solution
Other Info
References
- https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- https://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass