Created attachment 38310
Cookie File

(Apache) HTTPD Version: 2.4.53
Redhat Version: 8.1
PHP version: 7.4.28

We have a critical vulnerability being reported at a website handled by us. The bug states that "The application deserializes serial objects in an insecure manner" when a GET request along with a cookie named "WASPostParam" is sent to the server.

After receiving the request, our server creates a TCP connection and waits in "FIN_WAIT" state, but there is no response from the server side, and after the timeout of the TCP connection the Postman application states that "Could not get a response from the server". We are using the Postman application for sending the request.

I have attached the cookie file, our httpd.conf and screenshots stating our vulnerability. Kindly see the attachment for the files related to the problem and suggest a possible solution.

Thanks & Regards
Anubhav
If there's a problem deserializing this cookie, it's not in httpd. httpd doesn't do anything but forward the [serialized] value to the application server.
I have stopped the Drupal flow, i.e. I have tested it with only index.html, but again I faced the same issue.