| Details | |
|---|---|
| Alert ID | 200017-1 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Low |
| CWE | 942 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-942 OWASP_2021_A05 TOOL_PTK |
Summary
Adds passive CORS posture checks: missing Vary: Origin for dynamic ACAO, and permissive allowed headers/methods.
Generated by OWASP PTK DAST Module
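The two checks named in the summary can be expressed over one request/response pair as follows. This is an added example, not the PTK rule's own code; the function name, the finding labels, the `needed_methods` allowlist and the sample headers are assumptions made for illustration.

```python
# Added example: passive CORS posture check over captured response headers.
# Heuristics and names below are assumptions, not the PTK rule's actual logic.

def _tokens(value):
    """Split a comma-separated header value into lowercase tokens."""
    return [t.strip().lower() for t in (value or "").split(",") if t.strip()]


def cors_findings(request_origin, response_headers, needed_methods=("GET", "POST")):
    """Return a list of finding strings for one request/response pair."""
    h = {k.lower(): v for k, v in response_headers.items()}
    findings = []
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return findings  # no CORS headers, nothing to assess

    # Dynamic ACAO: the server echoed the caller's Origin instead of "*".
    # Without Vary: Origin a shared cache may serve this response to other origins.
    vary = _tokens(h.get("vary"))
    if acao != "*" and request_origin and acao == request_origin:
        if "origin" not in vary and "*" not in vary:
            findings.append("missing-vary-origin")

    if "*" in _tokens(h.get("access-control-allow-headers")):
        findings.append("wildcard-allow-headers")

    methods = _tokens(h.get("access-control-allow-methods"))
    allowed = {m.lower() for m in needed_methods}
    extra = sorted(m.upper() for m in methods if m != "*" and m not in allowed)
    if "*" in methods:
        findings.append("wildcard-allow-methods")
    elif extra:
        findings.append("unneeded-methods:" + ",".join(extra))
    return findings


# Constructed sample responses (not captured traffic).
WEAK = {
    "Access-Control-Allow-Origin": "https://app.example",
    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
    "Access-Control-Allow-Headers": "*",
}
FIXED = {
    "Access-Control-Allow-Origin": "https://app.example",
    "Vary": "Accept-Encoding, Origin",
    "Access-Control-Allow-Methods": "GET, POST",
    "Access-Control-Allow-Headers": "Content-Type",
}
```

`WEAK` triggers all three kinds of finding; `FIXED` carries `Vary: Origin` and a narrowed method and header list, and yields none.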
Solution
- Include Vary: Origin for dynamic CORS responses.
- Restrict allowed methods/headers to what is necessary.
Other Info
References
- https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/
- https://cwe.mitre.org/data/definitions/942.html