Details
Alert Id 10044
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

The server responded with a redirect whose response body is unexpectedly large. This may indicate that, although the server sent a redirect, it also returned body content, which may include sensitive details, PII, etc.
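
The check described above, as an added example that is not ZAP's own implementation of this rule: it parses a raw HTTP response and, for a 3xx response carrying a Location header, compares the body size against a predicted maximum (the Location URL length plus an allowance for a short "moved" page). The allowance value and the sample responses are assumptions constructed for this example.

```python
# Assumed allowance for a minimal "Document moved" HTML body (not ZAP's constant).
REDIRECT_BODY_ALLOWANCE = 300  # bytes


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on first ':' only; URLs contain ':'
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_big_redirect(raw: bytes, allowance: int = REDIRECT_BODY_ALLOWANCE):
    """Return None for non-redirects, otherwise a dict describing the finding."""
    status, headers, body = parse_http_response(raw)
    location = headers.get("location")
    if not (300 <= status < 400) or location is None:
        return None
    predicted_max = len(location) + allowance
    return {
        "status": status,
        "location": location,
        "body_bytes": len(body),
        "predicted_max": predicted_max,
        "big": len(body) > predicted_max,  # flag when the body exceeds the prediction
    }


# Constructed sample responses (not captured from any real server).
NORMAL_REDIRECT = (
    b"HTTP/1.1 302 Found\r\nLocation: https://example.test/login\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body>Redirecting to <a href=\"/login\">/login</a></body></html>"
)
LEAKY_REDIRECT = (  # redirect that still carries a full page of account data
    b"HTTP/1.1 302 Found\r\nLocation: https://example.test/login\r\n"
    b"Content-Type: text/html\r\n\r\n<html><body><table>"
    + b"<tr><td>customer@example.test</td><td>balance</td></tr>" * 40
    + b"</table></body></html>"
)
PLAIN_PAGE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>"

if __name__ == "__main__":
    print(check_big_redirect(LEAKY_REDIRECT))
```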

Solution

Ensure that no sensitive information is leaked via redirect responses. Redirect responses should carry almost no body content.

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/BigRedirectsScanRule.java