Last Modified: Jun 07, 2022
Opened: Jul 29, 2020
Improper handling of multiple cookies results in a security bypass when certain server technologies are used. ASM handles multiple Cookie headers separately, but the backend server concatenates them, which can lead to potential signature attacks.
Bypass of negative security enforcement; this can affect certain server technologies.
When PHP server technology is used as the backend and a specially crafted request is sent with multiple Cookie headers.
Templates are modified to change the default value of 'Repeated Occurrences' for HTTP header 'cookie' to 'Disallow'.
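The 'Repeated Occurrences' check described in the fix can be reproduced outside ASM to audit captured requests. The following is an added example, not BIG-IP code or configuration syntax: the policy table, function names and sample requests are hypothetical and constructed for illustration.

```python
# Added example: flag requests that repeat a header whose policy is "Disallow".
# REPEATED_OCCURRENCES mirrors the fixed template default named on this page;
# the table format itself is an assumption, not BIG-IP syntax.
REPEATED_OCCURRENCES = {"cookie": "Disallow"}

def parse_headers(raw: bytes):
    """Return [(lowercased name, value)] from a raw HTTP/1.x request head, in order."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            # Header names are case-insensitive, so "Cookie" and "cookie" count together.
            headers.append((name.strip().lower(), value.strip()))
    return headers

def repeated_header_violations(raw: bytes, policy=REPEATED_OCCURRENCES):
    """Return {header: count} for headers that repeat where the policy says Disallow."""
    counts = {}
    for name, _ in parse_headers(raw):
        counts[name] = counts.get(name, 0) + 1
    return {n: c for n, c in counts.items()
            if c > 1 and policy.get(n, "Allow") == "Disallow"}

# Constructed sample requests (not taken from the bug report).
SINGLE = (b"GET / HTTP/1.1\r\nHost: app.example\r\n"
          b"Cookie: a=1; b=2\r\n\r\n")
REPEATED = (b"GET / HTTP/1.1\r\nHost: app.example\r\n"
            b"Cookie: a=1\r\ncookie: b=2\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("single", SINGLE), ("repeated", REPEATED)):
        found = repeated_header_violations(req)
        print(label, "block" if found else "pass", found)
```

Rejecting the repeated header removes the gap between what is inspected and what the backend assembles, because only one Cookie header value ever reaches either side.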