Details
Alert ID: 10044-1
Alert Type: Passive
Status: release
Risk: Low
CWE: 201
WASC: 13
Technologies Targeted: All
Tags: CWE-201, OWASP_2017_A03, OWASP_2021_A04, WSTG-V42-INFO-05
More Info: Scan Rule Help

Summary

The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).

Solution

Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.

Other Info

Location header URI length: 18 [http://example.com]. Predicted response size: 318. Response Body Length: 319.
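The size comparison reported above can be reproduced over captured responses with a short check. This is an added example, not the scan rule's own code; it assumes the predicted size is the Location value length plus 300 bytes (inferred from the sample values 18 and 318), and `BODY_ALLOWANCE`, `check_big_redirect` and `make_redirect` are hypothetical names.

```python
# Added example: flags redirect responses whose body is larger than expected.
# ASSUMPTION: predicted size = Location length + 300, inferred from the page's
# sample values (18 -> 318); BODY_ALLOWANCE is a hypothetical name.
BODY_ALLOWANCE = 300


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_big_redirect(raw: bytes):
    """Return a finding dict for an oversized redirect, else None."""
    status, headers, body = parse_response(raw)
    location = headers.get("location")
    # 304 Not Modified is a 3xx status but does not redirect anywhere.
    if not (300 <= status < 400) or status == 304 or location is None:
        return None
    predicted = len(location) + BODY_ALLOWANCE
    if len(body) <= predicted:
        return None
    return {"status": status, "location_length": len(location),
            "predicted_size": predicted, "body_length": len(body)}


def make_redirect(body: bytes) -> bytes:
    """Constructed sample: a 302 to http://example.com carrying `body`."""
    return (b"HTTP/1.1 302 Found\r\nLocation: http://example.com\r\n"
            b"Content-Type: text/html\r\n\r\n" + body)


if __name__ == "__main__":
    # Constructed inputs: a short redirect stub, and a 319-byte body such as a
    # rendered page that was sent along with the redirect.
    for sample in (make_redirect(b"<a href='http://example.com'>Found</a>"),
                   make_redirect(b"A" * 319)):
        print(check_big_redirect(sample))
```

A finding from this check is a prompt to inspect the body for content that should only be served after the redirect target's own access checks.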

References

Code

org/zaproxy/zap/extension/pscanrules/BigRedirectsScanRule.java