Details
Alert Id 40008
Alert Type Active Scan Rule
Status release
Risk Medium
CWE 472
WASC 20

Summary

Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.

Solution

Identify the cause of the error and fix it. Do not trust client side input and enforce a tight check in the server side. Besides, catch the exception properly. Use a generic 500 error page for internal server error.

References

Code

org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRule.java