Details
Alert ID 10027
Alert Type Passive
Status release
Risk Informational
CWE 615
WASC 13
Technologies Targeted All
Tags CUSTOM_PAYLOADS
CWE-615
OWASP_2017_A03
OWASP_2021_A01
POLICY_PENTEST
WSTG-V42-INFO-05
More Info Scan Rule Help

Summary

The response appears to contain suspicious comments which may help an attacker.

Solution

Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.

Other Info

The following pattern was used: \bFIXME\b and was detected in likely comment: "<!-- FixMe: cookie: root=true; Secure -->", see evidence field for the suspicious comment/snippet.

References

Code

org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java