We developed a website based on azure and a couple days we received a scanner report from Qualys.
8 level 3 severity was found, all 150022 Syntax Errors.
The vulnerabilty was detected on the 2 reserved cookies from Azure: ARRAffinity and WAWebSiteSID.
We've contacted azure support team and tests was made. They told us that when "tested this out with the sample requests (and responses) attached.
Not only do you not see those values reflected back in the response body, but the cookies retain the original value as well. Seems like a bogus error to me unless someone can prove otherwise."
Is there any other test that we can apply to achieve the error that scanner is reporting?