
GET for POST

  • Risk: Informational
  • Type: Active

Summary
A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness in itself; however, it may simplify other attacks. For example, if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET-based) XSS may also be possible.
Solution
Ensure that only POST is accepted where POST is expected.
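
One way to enforce this at the server, as an added example that is not part of the original alert text: a WSGI middleware that answers 405 with an Allow header for any non-POST method on POST-only paths. The route names, `app`, `enforce_post` and the `call` helper are assumptions made up for this illustration.

```python
import io
from urllib.parse import parse_qs

# Hypothetical route table for this example: paths that must only accept POST.
POST_ONLY = {"/transfer", "/profile/update"}

def app(environ, start_response):
    """Constructed demo handler: reads parameters from the request body only."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(length).decode())
    body = ("ok:" + form.get("amount", [""])[0]).encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]

def enforce_post(inner, post_only=POST_ONLY):
    """WSGI middleware: answer 405 for any non-POST method on a POST-only path."""
    def wrapped(environ, start_response):
        method = environ.get("REQUEST_METHOD")
        if environ.get("PATH_INFO") in post_only and method != "POST":
            start_response("405 Method Not Allowed",
                           [("Allow", "POST"), ("Content-Type", "text/plain")])
            return [b"method not allowed"]
        return inner(environ, start_response)
    return wrapped

def call(application, method, path, query="", body=b""):
    """Drive a WSGI app with a constructed request; return (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    out = b"".join(application(environ, start_response))
    return seen["status"], seen["headers"], out

guarded = enforce_post(app)

if __name__ == "__main__":
    # Unguarded handler still answers 200 to a GET; the guarded one answers 405.
    print(call(app, "GET", "/transfer", query="amount=10")[0])
    print(call(guarded, "GET", "/transfer", query="amount=10")[0])
    print(call(guarded, "POST", "/transfer", body=b"amount=10")[0])
```

Reading parameters from the body alone does not reject the GET: the unguarded handler still returns 200, which is the behaviour this alert reports.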