Parameter Tampering

Type: Active Scan

Risk: Medium

Description

Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.

Solution

Identify the cause of the error and fix it. Do not trust client side input and enforce a tight check in the server side. Besides, catch the exception properly. Use a generic 500 error page for internal server error.

CWE: 472

WASC: 20

Code

Last updated: 2020-04-30 16:12:39.623Z