GET /disp_reports.php?

A network engineer at Company ABC observes the following raw HTTP request:

GET /disp_reports.php? SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01­01-0101&Run=

Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1

HTTP/1.1

Host: test.example.net

Accept: */*

Accept-LanguagE. en

Connection: close

CookiE. java14=1; java15=1; java16=1; js=1292192278001;

Which of the following should be the engineer’s GREATEST concern?
A . The HTTPS is not being enforced so the system is vulnerable.
B . The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C . Sensitive data is transmitted in the UR
E . The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.

View Answer

Answer: C