Support Center

Question

MohithC8

Member since 2013

10 posts

Accenture

Posted: Apr 4, 2019

Last activity: May 23, 2019

Posted: 4 Apr 2019 10:43 EDT
Last activity: 23 May 2019 2:20 EDT

Closed

HTTP header of microsite url contains encoded white space ‘%09’ - vulnerability for Evasion technique attack

Report

Hi everyone

the link produced from Pega has some spaces (the %09% below) and it get blocked by the reverse proxy itself because according to our security team, this lead to Evasion technique attack vulnerability.

https://XXXXX.com/prweb/PRHTTPService/MKT/RH/PORE?Px=%09%7Bpr%7DMdKZs%2BIQFDaY%2Fk2GWrVcn7mHKQZ6cLXFU2X2%2Fay2

Hi everyone

https://XXXXX.com/prweb/PRHTTPService/MKT/RH/PORE?Px=%09%7Bpr%7DMdKZs%2BIQFDaY%2Fk2GWrVcn7mHKQZ6cLXFU2X2%2Fay2

GCS proposed us some solution that should have trimmed the spaces but unfortunately it didn’t work (the spaces are still there).

has anyone faced similar problem ? how it can be solved?

***Edited by Moderator Marissa to update platform capability tags****

Show Less

To see attachments, please log in.

Pega Marketing

Like (0)
Share this page Facebook Twitter LinkedIn Email Copying... Copied!

Posted: 5 years ago

Posted: 23 May 2019 2:20 EDT

Anuj Srivastava

PEGA

replied to MohithC8

Report

Hi,

It looks like its not space, It is horizontal tab which is der in the URL. If you want to then your should replace \t from the URL. Can you please let me know the SR number which is raised for this Use case.

To see attachments, please log in.

Like (0)

Question

HTTP header of microsite url contains encoded white space ‘%09’ - vulnerability for Evasion technique attack

Need help or want to help others?

Experience the benefits of Support Center when you log in.

Question

HTTP header of microsite url contains encoded white space ‘%09’ - vulnerability for Evasion technique attack

Related content:

Need help or want to help others?

Experience the benefits of Support Center when you log in.

We'd prefer it if you saw us at our best.