Details
Alert ID 10044-2
Alert Type Passive
Status release
Risk Low
CWE 201
WASC 13
Technologies Targeted All
Tags CWE-201
OWASP_2017_A03
OWASP_2021_A04
POLICY_PENTEST
WSTG-V42-INFO-05
More Info Scan Rule Help

Summary

The server has responded with a redirect that seems to contain multiple links. This may indicate that although the server sent a redirect it also responded with body content links (which may include sensitive details, PII, lead to admin panels, etc.).

Solution

Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.

Other Info

The response contained 3 occurrences of "HREF".

References

Code

org/zaproxy/zap/extension/pscanrules/BigRedirectsScanRule.java