CWE-20 on ZAP

HTTP Parameter Override

Mon, 01 Jan 0001 00:00:00 +0000

Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be vulnerable.

HTTP Parameter Pollution

Mon, 01 Jan 0001 00:00:00 +0000

HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.

Httpoxy - Proxy Header Misuse

Mon, 01 Jan 0001 00:00:00 +0000

The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. This may allow attackers to:

Proxy the outgoing HTTP requests made by the web application
Direct the server to open outgoing connections to an address and port of their choosing or
Tie up server resources by forcing the vulnerable software to use a malicious proxy.

Relative Path Confusion

Mon, 01 Jan 0001 00:00:00 +0000

The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct “relative path” for the URL. Resources (CSS, images, etc.) are also specified in the page response using relative, rather than absolute URLs. In an attack, if the web browser parses the “cross-content” response in a permissive manner, or can be tricked into permissively parsing the “cross-content” response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.

Relative Path Overwrite

Mon, 01 Jan 0001 00:00:00 +0000

Potential RPO (Relative Path Overwrite) found. RPO allows attackers to manipulate URLs to include unintended paths, potentially leading to the execution of malicious scripts or the disclosure of sensitive information.

Remote Code Execution - CVE-2012-1823

Mon, 01 Jan 0001 00:00:00 +0000

Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped “=” character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser.

Review direct Axios destination usage

Mon, 01 Jan 0001 00:00:00 +0000

Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.

Generated by OWASP PTK SAST Module

Review EventSource constructor usage

Mon, 01 Jan 0001 00:00:00 +0000

Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.

Generated by OWASP PTK SAST Module

Review sendBeacon body content

Mon, 01 Jan 0001 00:00:00 +0000

Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.

Generated by OWASP PTK SAST Module

Review sendBeacon destination

Mon, 01 Jan 0001 00:00:00 +0000

Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.

Generated by OWASP PTK SAST Module

Source Code Disclosure - CVE-2012-1823

Mon, 01 Jan 0001 00:00:00 +0000

Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped “=” character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.

Suspicious Input Transformation - Arithmetic Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.

Suspicious Input Transformation - EL Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Expression Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Quote Consumption

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Template Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Byte Truncation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Case Conversion

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Combining Diacritic

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Normalisation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - URL Decoding Error

Mon, 01 Jan 0001 00:00:00 +0000

Tainted network destination URL

Mon, 01 Jan 0001 00:00:00 +0000

Detects client-side request destinations for beacon, EventSource, and Axios that can be influenced by attacker-controlled input.

Generated by OWASP PTK SAST Module

User Controllable Charset

Mon, 01 Jan 0001 00:00:00 +0000

This check looks at user-supplied input in query string parameters and POST data to identify where Content-Type or meta tag charset declarations might be user-controlled. Such charset declarations should always be declared by the application. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks. For example, an attacker controlling the element charset value is able to declare UTF-7 and is also able to include enough user-controlled payload early in the HTML document to have it interpreted as UTF-7. By encoding their payload with UTF-7 the attacker is able to bypass any server-side XSS protections and embed script in the page.

User Controllable HTML Element Attribute (Potential XSS)

Mon, 01 Jan 0001 00:00:00 +0000

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

User Controllable JavaScript Event (XSS)

Mon, 01 Jan 0001 00:00:00 +0000