logo

HTTP Parameter Override

  • Risk:
  • Medium

  • Type:
  • Passive
Summary

Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be vulnerable.

Solution

All forms must specify the action URL.

References

https://download.oracle.com/javaee-archive/servlet-spec.java.net/jsr340-experts/att-0317/OnParameterPollutionAttacks.pdf

Free security scan for your website