Details

Alert Id: 10044
Alert Type: Passive
Status: release
Risk:
CWE:
WASC:
Technologies Targeted: All
Tags: OWASP_2017_A03, OWASP_2021_A04, WSTG-V42-INFO-05

Summary

The server responded with a redirect whose response appears unusually large. This may indicate that, although the server sent a redirect, it also returned body content, which a browser never displays but which may still include sensitive details, PII, etc.

Solution

Ensure that no sensitive information is leaked via redirect responses. A redirect response should carry almost no body content.
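
The following added example is not ZAP's own implementation of this rule; it shows the passive check in its simplest form, flagging a 3xx response with a Location header whose body exceeds a hypothetical size limit, alongside a helper that builds the kind of body-less redirect the solution above calls for. The threshold, the Response model and the sample responses are constructed for this example.

```python
from dataclasses import dataclass, field

# Hypothetical threshold for this example; ZAP's rule applies its own heuristic.
REDIRECT_BODY_LIMIT = 256  # bytes


@dataclass
class Response:
    """Minimal HTTP response model (constructed for this example)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""

    def header(self, name):
        """Case-insensitive header lookup; returns None when absent."""
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


def is_big_redirect(resp, limit=REDIRECT_BODY_LIMIT):
    """True when a 3xx response with a Location header carries more than `limit` bytes of body.

    A redirect needs little or no body: the client follows Location and never
    renders what was sent, so a substantial body is content leaking past the redirect.
    """
    if not 300 <= resp.status < 400:
        return False
    if resp.header("Location") is None:
        return False
    return len(resp.body) > limit


def minimal_redirect(location, status=302):
    """Build a redirect with an empty body, which is what the solution asks for."""
    return Response(status, {"Location": location, "Content-Length": "0"}, b"")


# Constructed sample responses: one leaks a rendered account page, one is a tiny stub.
LEAKY = Response(
    302,
    {"Location": "/login"},
    b"<html><body><h1>Account</h1>"
    + b"<p>Name: A. Example, card ending 4242</p>" * 10
    + b"</body></html>",
)
CLEAN = Response(302, {"Location": "/login"}, b'<a href="/login">Found</a>')


if __name__ == "__main__":
    for name, r in (("leaky", LEAKY), ("clean", CLEAN), ("fixed", minimal_redirect("/login"))):
        print(name, "big redirect" if is_big_redirect(r) else "ok", len(r.body), "bytes")
```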

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/BigRedirectsScanRule.java