Details
Alert ID 30002
Alert Type Active
Status release
Risk Medium
CWE 134
WASC 6
Technologies Targeted Language / C
Tags CWE-134
OWASP_2017_A01
OWASP_2021_A03
POLICY_API
POLICY_PENTEST
POLICY_QA_FULL
More Info Scan Rule Help

Summary

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Solution

Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.

Other Info

Potential Format String Error. The script closed the connection on a /%s.

References

Code

org/zaproxy/zap/extension/ascanrules/FormatStringScanRule.java