HTTP Parameter Override

Risk:
Medium

Type:
Passive

CWE:
20

Summary: Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be vulnerable.

Solution: All forms must specify the action URL.

References: https://download.oracle.com/javaee-archive/servlet-spec.java.net/jsr340-experts/att-0317/OnParameterPollutionAttacks.pdf