Details
Alert Id 40038
Alert Type Active
Status beta
Risk Medium
CWE
WASC
Technologies Targeted All
Tags OWASP_2017_A05, OWASP_2021_A01, WSTG-V42-ATHN-04

Summary

Bypassing 403 endpoints may be possible: the scan rule sent a payload that caused the response to be accessible (status code 200).

Solution

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/ForbiddenBypassScanRule.java