HTTP Parameter Override

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Passive

CWE:
CWE-20

Summary: Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be vulnerable.

Solution: All forms must specify the action URL.

References: https://download.oracle.com/javaee-archive/servlet-spec.java.net/jsr340-experts/att-0317/OnParameterPollutionAttacks.pdf

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Common Alerts

HighPath Traversal

LowFull Path Disclosure

InformationalBase64 Disclosure

InformationalStrict-Transport-Security Header on Plain HTTP Response

MediumCross-Domain Misconfiguration

HighSQL Injection - SQLite

MediumCORS Misconfiguration

InformationalImage Exposes Location or Privacy Data

InformationalCORS Header

LowCookie with SameSite Attribute None

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-455 Non-exit on Failed Initialization

CWE-148 Improper Neutralization of Input Leaders

CWE-626 Null Byte Interaction Error (Poison Null Byte)

CWE-797 Only Filtering Special Elements at an Absolute Position

CWE-576 EJB Bad Practices: Use of Java I/O

CWE-926 Improper Export of Android Application Components

CWE-561 Dead Code

CWE-548 Exposure of Information Through Directory Listing

CWE-278 Insecure Preserved Inherited Permissions

CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses

Free security scan for your website

Don't show website scan report rating on the leaderboard