Last Modified: Sep 13, 2023
17.1.0, 16.1.4, 15.1.9
Opened: Mar 31, 2022 Severity: 3-Major
An "Illegal Base64 value" violation will be reported for a staged parameter even though Alarm/Blocking/Learning is disabled for this violation.
The violation "Illegal Base64 value" is reported.
- A parameter has to be set to staging mode with base64 decoding. - The Alarm/Blocking/Learning flags has to be disabled for the violation "Illegal Base64 value". - The incoming request has to have the defined parameter in QS with an attack signature that is not base64 encoded in the parameter value.
The violation "Illegal Base64 value" is not reported if Alarm/Blocking/Learning flags are disabled.