Details
Alert Id 40008
Alert Type Active
Status release
Risk Medium
CWE 472
WASC 20
Technologies Targeted All
Tags OWASP_2017_A01
OWASP_2021_A04

Summary

Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.

Solution

Identify the cause of the error and fix it. Do not trust client side input and enforce a tight check in the server side. Besides, catch the exception properly. Use a generic 500 error page for internal server error.

Other Info

References

Code

org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRule.java