CWE-598
Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
Status
draft
Abstraction
variant
Affected Platforms
Web Based
Web Server
Common Consequences
confidentiality
Impacts
read application data
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
Descriptions:
• When sending sensitive information, only include it in the request body or request headers instead of the query string. This may require avoiding use of GET requests.