Details
Alert ID: 10025
Alert Type: Passive
Status: release
Risk: Informational
CWE: 200
WASC: 13
Technologies Targeted: All
Tags: CWE-200, OWASP_2017_A03, OWASP_2021_A01
More Info: Scan Rule Help

Summary

The HTTP Referer header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. The list of strings this check looks for is configurable, so you can add or remove values specific to your environment.

Solution

Do not pass sensitive information in URIs.

Other Info

The URL in the HTTP Referer header field appears to contain one or more US Social Security Numbers.
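The check described above, as an added example in Python rather than the scan rule's own Java code: given the request's Host and its Referer header, it flags a referring URL on a different domain whose query or path carries a configurable sensitive parameter name or an SSN-shaped value. The parameter list, the dashed-SSN pattern and the sample request log are constructed assumptions, not ZAP's configuration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed detection list for this example (ZAP's list is configurable and
# may differ): parameter names to watch, plus a narrow US SSN shape nnn-nn-nnnn.
SENSITIVE_PARAMS = {"ssn", "password", "passwd", "token", "session", "creditcard"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def referrer_leaks(request_host: str, referer: str) -> list[str]:
    """Return findings when the Referer points at another domain and its URL
    carries sensitive data; an empty list means nothing to alert on."""
    if not referer:
        return []
    ref = urlsplit(referer)
    ref_host = (ref.hostname or "").lower()
    # Same-domain referrers are not a cross-domain leak for this check.
    if ref_host == request_host.lower():
        return []
    findings = []
    for name, value in parse_qsl(ref.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            findings.append(f"sensitive parameter '{name}' from {ref_host}")
        if SSN_RE.search(value):
            findings.append(f"value of '{name}' looks like a US SSN, from {ref_host}")
    # An SSN can also be embedded in the path (e.g. a REST-style resource id).
    if SSN_RE.search(ref.path):
        findings.append(f"path segment looks like a US SSN, from {ref_host}")
    return findings


def scan_request_log(log: list[tuple[str, str]]) -> dict[int, list[str]]:
    """Map request index -> findings for every request that would raise the alert."""
    results = {}
    for i, (host, referer) in enumerate(log):
        hits = referrer_leaks(host, referer)
        if hits:
            results[i] = hits
    return results


# Constructed sample traffic: (request Host, Referer header) pairs.
SAMPLE_LOG = [
    ("app.example.com", "https://app.example.com/profile?ssn=123-45-6789"),
    ("analytics.example.net", "https://app.example.com/profile?ssn=123-45-6789"),
    ("cdn.example.net", "https://app.example.com/users/123-45-6789/report"),
    ("cdn.example.net", "https://app.example.com/users/42/report"),
]

if __name__ == "__main__":
    for idx, hits in scan_request_log(SAMPLE_LOG).items():
        print(idx, hits)
```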

References

Code

org/zaproxy/zap/extension/pscanrules/InformationDisclosureReferrerScanRule.java