Details
Alert ID 40008
Alert Type Active
Status release
Risk Medium
CWE 472
WASC 20
Technologies Targeted All
Tags CWE-472
OWASP_2017_A01
OWASP_2021_A04
POLICY_API
POLICY_DEV_FULL
POLICY_PENTEST
POLICY_QA_FULL
More Info Scan Rule Help

Summary

Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.

Solution

Identify the cause of the error and fix it. Do not trust client side input and enforce a tight check in the server side. Besides, catch the exception properly. Use a generic 500 error page for internal server error.

Other Info

References

Code

org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRule.java