Question

MohithC8 Member since 2013 8 posts
Accenture
Posted: April 4, 2019
Last activity: May 23, 2019
Closed

HTTP header of microsite URL contains encoded white space ‘%09’ - vulnerability for Evasion technique attack

Hi everyone

The link produced from Pega has some spaces (the %09% below) and it gets blocked by the reverse proxy itself because, according to our security team, this leads to an Evasion technique attack vulnerability.

https://XXXXX.com/prweb/PRHTTPService/MKT/RH/PORE?Px=%09%7Bpr%7DMdKZs%2BIQFDaY%2Fk2GWrVcn7mHKQZ6cLXFU2X2%2Fay2

GCS proposed a solution to us that should have trimmed the spaces, but unfortunately it didn’t work (the spaces are still there).

Has anyone faced a similar problem? How can it be solved?

***Edited by Moderator Marissa to update platform capability tags****

Pega Marketing
Moderation Team has archived post
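
As an added example (not part of the original post, and not Pega or GCS code): a Python check that decodes each query parameter of a generated link, reports control characters such as the %09 (tab) in front of the Px value above, and rebuilds the link with leading and trailing whitespace trimmed from each value. The function names are hypothetical, and it is an assumption that the receiving service accepts the trimmed value.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote

# Link copied from the post above (host already masked there as XXXXX.com).
SAMPLE = ("https://XXXXX.com/prweb/PRHTTPService/MKT/RH/PORE"
          "?Px=%09%7Bpr%7DMdKZs%2BIQFDaY%2Fk2GWrVcn7mHKQZ6cLXFU2X2%2Fay2")


def find_control_chars(url):
    """Return (parameter, offset, percent-encoded form) for every ASCII
    control character found in the decoded query-string values."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for offset, ch in enumerate(value):
            if ord(ch) < 0x20 or ord(ch) == 0x7F:
                findings.append((name, offset, "%%%02X" % ord(ch)))
    return findings


def strip_edge_whitespace(url):
    """Rebuild the URL with leading/trailing whitespace removed from each
    query value. Interior control characters are left alone so that
    find_control_chars() still reports them instead of hiding them."""
    parts = urlsplit(url)
    pairs = [(name, value.strip())
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    # quote_via=quote with safe="" re-encodes '+', '/', '{' and '}' exactly
    # as in the original link (%2B, %2F, %7B, %7D).
    query = urlencode(pairs, quote_via=quote, safe="")
    return urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    for name, offset, encoded in find_control_chars(SAMPLE):
        print(f"parameter {name!r}: {encoded} at offset {offset}")
    print(strip_edge_whitespace(SAMPLE))
```

Running the check where the link is generated shows whether the tab is already part of the parameter value before it is URL-encoded, which is where trimming has to happen for the encoded link to come out clean.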