20-Jul-2022 08:35
I have enabled the OWASP top 10 ruleset on one of our AWS WAFs however we are still seeing a High vulnerability for Reflected Cross-Site Scripting (XSS) in HTTP Header. Specifically in the cookie's cc_mode parameter.
I am looking for a way to protect against this type of attack.
20-Jul-2022 13:14
Can you add the cc_parameter to the ruleset and then apply attack signatures to that parameter?