Those headers don't come from GWT itself, they've been added by the
application or some library/framework it uses on top of GWT. It looks like
that app is using something like gwt-dispatch, gwt-sl or spring4gwt or
something like that, but maybe homemade.
What I'd do to tell if they're actually
We have a web app (GWT 2.7 ) from a vendor and we don't have any source
codes.
Now we faced a vulnerability about *HTTP Method Override* for http header
below
*X-HTTP-METHOD*
*X-HTTP-Method-Override*
*X-METHOD-OVERRIDE*
Fortify WebInspect report
Attack Request:
POST