Details
Alert Id 30002
Alert Type Active
Status release
Risk Medium
CWE 134
WASC 6
Technologies Targeted Language / C
Tags CWE-134
OWASP_2017_A01
OWASP_2021_A03

Summary

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Solution

Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.

Other Info

Potential Format String Error. The script closed the connection on a /%s

References

Code

org/zaproxy/zap/extension/ascanrules/FormatStringScanRule.java