CWE-345 on ZAP /alerttags/cwe-345/ Recent content in CWE-345 on ZAP Hugo en-us Content-Type Header Empty /docs/alerts/10019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10019-2/ <p>The Content-Type header was either missing or empty.</p> Content-Type Header Missing /docs/alerts/10019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10019-1/ <p>The Content-Type header was either missing or empty.</p> JWT None Algorithm (Authorization header) /docs/alerts/200003-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-6/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (Cookie) /docs/alerts/200003-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-4/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (Form body param) /docs/alerts/200003-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-5/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT None Algorithm (JSON body) /docs/alerts/200003-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-7/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT Probe (Authorization + JWT cookies removed) /docs/alerts/200003-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-1/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT Probe (Authorization header removed) /docs/alerts/200003-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-2/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> JWT Probe (JWT cookies removed) /docs/alerts/200003-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200003-3/ <p>This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified</p> <p>Generated by OWASP PTK DAST Module</p> postMessage to cross-origin target with tainted payload /docs/alerts/210010-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210010-2/ <p>Tainted data sent via window.postMessage to a different origin.</p> <p>Generated by OWASP PTK IAST Module</p> postMessage to wildcard origin with tainted payload /docs/alerts/210010-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/210010-1/ <p>Tainted data sent via window.postMessage to wildcard &lsquo;*&rsquo; targetOrigin.</p> <p>Generated by OWASP PTK IAST Module</p> Sub Resource Integrity Attribute Missing /docs/alerts/90003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90003/ <p>The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.</p>