Last Modified: Oct 19, 2022
Opened: Apr 08, 2022
URL parameters that are configured as 'Base64 Decoding' false are still treated as Base64 Encoded values. This leads to reading incorrect parameter values.
A request gets blocked with an attack signature detected, when it should not be. Negative signature check gets skipped or generates false alarms.
Create a parameter, not staged with user-input, alpha-numeric, Base64 values set to False.
The system now check to determine whether Base64 is set for the parameter before decoding it.