WARNING [https-jsse-nio-8443-exec-1] org.owasp.esapi.reference.JavaLogFactory$JavaLogger.log [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionDetector] Invalid input: context=HTTP header value: cookie, type(HTTPHeaderValue_cookie)=^[a-zA-Z0-9()\-=\*\.\?;,+\/:&_|% ]*$, input=JSESSIONID=3E51B1EA7294F903FC61AD1427976658; _ga=GA1.2.2020557455.1586943382; _iub_cs-448728={"timestamp":"2021-03-12T08:42:56.533Z","version":"1.28.1","consent":true,"id":448728}; euconsent-v2=CPC75-TPC75-mB7D6BITBRCsAP_AAH_AAAAAHmNf_X__b39j-_59_9t0eY1f9_7_v-0zjhfds-8N2f_X_L8X42M7vF36pq4KuR4Eu3LBIQFlHOHUTUmw6okVrTPsak2Mr7NKJ7LEinMbe2dYGHtfn91TuZKYr_7s_9_z__-__v__79f_r-3_3_vp9X---_e_V399xLv9QPKAJMNS-AizEscCSaNKoUQIQriQ6AUAFFCMLRNYQMrgp2VwEeoIGACA1ARgRAgxBRiwCAAACAJKIgJADwQCIAiAQAAgBUgIQAETAILACwMAgAFANCxAigCECQgyOCo5TAgIkWignkrAEou9jDCEMosAKBR_RUYCJQggWAAA; grafana_session=b5a05cc7ecfb750ab181a628ba428817; _gid=GA1.2.517492897.1615823961; _iub_cs-448728-granular={}, orig=JSESSIONID=3E51B1EA7294F903FC61AD1427976658; _ga=GA1.2.2020557455.1586943382; _iub_cs-448728=%7B%22timestamp%22%3A%222021-03-12T08%3A42%3A56.533Z%22%2C%22version%22%3A%221.28.1%22%2C%22consent%22%3Atrue%2C%22id%22%3A448728%7D; euconsent-v2=CPC75-TPC75-mB7D6BITBRCsAP_AAH_AAAAAHmNf_X__b39j-_59_9t0eY1f9_7_v-0zjhfds-8N2f_X_L8X42M7vF36pq4KuR4Eu3LBIQFlHOHUTUmw6okVrTPsak2Mr7NKJ7LEinMbe2dYGHtfn91TuZKYr_7s_9_z__-__v__79f_r-3_3_vp9X---_e_V399xLv9QPKAJMNS-AizEscCSaNKoUQIQriQ6AUAFFCMLRNYQMrgp2VwEeoIGACA1ARgRAgxBRiwCAAACAJKIgJADwQCIAiAQAAgBUgIQAETAILACwMAgAFANCxAigCECQgyOCo5TAgIkWignkrAEou9jDCEMosAKBR_RUYCJQggWAAA; grafana_session=b5a05cc7ecfb750ab181a628ba428817; _gid=GA1.2.517492897.1615823961; _iub_cs-448728-granular=%7B%7D org.owasp.esapi.errors.ValidationException: HTTP header value: cookie: Invalid input. Please conform to regex ^[a-zA-Z0-9()\-=\*\.\?;,+\/:&_|% ]*$ with a maximum length of 2000 at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144) at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:306) at com.thingworx.security.filter.ESAPICustomValidator.getValidInput(ESAPICustomValidator.java:29) at com.thingworx.security.filter.ValidatingHttpRequest.getValidInput(ValidatingHttpRequest.java:125) at com.thingworx.security.filter.ValidatingHttpRequest.getValidHeaderInput(ValidatingHttpRequest.java:143) at com.thingworx.security.filter.ValidatingHttpRequest.getHeader(ValidatingHttpRequest.java:85) at com.thingworx.webservices.context.HttpExecutionContext.(HttpExecutionContext.java:233) at com.thingworx.webservices.BaseService.service(BaseService.java:310) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.thingworx.security.contenttype.ContentTypeFilter.doFilter(ContentTypeFilter.java:138) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.thingworx.security.contenttype.ContentLengthFilter.doFilter(ContentLengthFilter.java:73) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.thingworx.security.filter.ValidationFilter.doFilter(ValidationFilter.java:22) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.thingworx.security.authentication.AuthenticationFilter.propagateRequest(AuthenticationFilter.java:686) at com.thingworx.security.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:228) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.thingworx.security.filter.ClickjackFilter.doFilter(ClickjackFilter.java:208) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.thingworx.security.filter.HttpResponseHeadersFilter.doFilter(HttpResponseHeadersFilter.java:173) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:645) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Unknown Source)