Difference between revisions of "WAF 340614"
(One intermediate revision by one user not shown) | |||
Line 13: | Line 13: | ||
'''False Positives''' | '''False Positives''' | ||
− | This can be triggered if an application legitimately uses | + | This can be triggered if an application legitimately uses a NULL in an Argument. |
− | It recommended that you report this as a false positive so our security team can determine if this is a legitimate case, or if its clever attack on your systems. Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page. | + | This can be triggered if an application use a NULL as part of an argument name. It is not expected that any application would use a NULL legitimately in an Argument Name. |
+ | |||
+ | If you believe this is a False Positive, it recommended that you report this as a false positive so our security team can determine if this is a legitimate case, or if its clever attack on your systems. Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page. | ||
'''Similar Rules''' | '''Similar Rules''' |
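Review bot: the added False Positives lines have three grammar slips that should be fixed before this revision stands: "if an application use a NULL" should read "uses", "it recommended that you report" should read "it is recommended that you report", and "if its clever attack" should read "if it is a clever attack". The first added line says an application may legitimately use a NULL in an Argument while the next says no application is expected to use one in an Argument Name, so it would help to state explicitly that the first case refers to argument values only.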
Latest revision as of 17:34, 12 October 2010
Rule ID
340614
Alert Message
Atomicorp.com WAF Rules: Invalid character in ARGS
Description
This rule checks for the NULL character in any Argument or Argument name, except in special cases where it is known that this will occur safely. NULLs can be used to bypass certain security checks and are often used as part of evasion attacks on web application firewalls.
False Positives
This can be triggered if an application legitimately uses a NULL in an Argument.
This can also be triggered if an application uses a NULL as part of an argument name. It is not expected that any application would use a NULL legitimately in an Argument Name.
If you believe this is a False Positive, it is recommended that you report it so our security team can determine if this is a legitimate case, or if it is a clever attack on your systems. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
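The check described above, sketched in Python as an added example; it is not the Atomicorp rule itself, and the function name, the labels and the `value_exempt` allow-list are assumptions made for illustration. It reports NULs in argument names and argument values separately, which is the distinction the False Positives section draws.

```python
from urllib.parse import unquote_to_bytes

NUL = b"\x00"

def _decode(component: str) -> bytes:
    # Form decoding: '+' is a space, then %XX escapes become raw bytes,
    # so an encoded %00 turns into a real 0x00 byte before inspection.
    return unquote_to_bytes(component.replace("+", " "))

def find_nul_args(query: str, value_exempt=frozenset()):
    """Return (where, name) pairs for every NUL found in a raw query string.

    where is "argument_name" or "argument". value_exempt is a hypothetical
    allow-list of argument names whose values are known to carry NULs
    safely; argument names themselves are never exempt.
    """
    findings = []
    for pair in query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        name, value = _decode(raw_name), _decode(raw_value)
        # Render the name with a visible \0 so it is safe to write to a log.
        shown = name.replace(NUL, b"\\0").decode("latin-1")
        if NUL in name:
            findings.append(("argument_name", shown))
        if NUL in value and shown not in value_exempt:
            findings.append(("argument", shown))
    return findings

# Constructed sample query strings (not taken from real traffic).
SAMPLES = ["user=alice&page=2", "q=abc%00def", "na%00me=x", "q=%2500"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", find_nul_args(sample))
```

The sketch decodes each component once, so a doubly encoded `%2500` is left as the literal text `%00` and is not reported.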
Similar Rules
Outside References