Details
Alert ID 90026
Alert Type Active
Status beta
Risk High
CWE
WASC
Technologies Targeted All
Tags OWASP_2017_A01
OWASP_2021_A03
More Info Scan Rule Help

Summary

An unintended SOAP operation was executed by the server.

Solution

If not required, the SOAPAction attribute should be disabled. If needed, the operation within the SOAPAction and the SOAP body should always be compared before executing any operation. Any mismatch should be regarded as an attack.

Other Info

An unintended SOAP operation was executed by the server.

References

Code

org/zaproxy/zap/extension/soap/SOAPActionSpoofingActiveScanRule.java