Details | |
---|---|
Alert ID | 3-1 |
Alert Type | Passive |
Status | release |
Risk | Medium |
CWE | 200 |
WASC | 13 |
Technologies Targeted | All |
Tags |
CWE-200 OWASP_2017_A03 OWASP_2021_A01 WSTG-V42-SESS-04 |
More Info |
Scan Rule Help |
Summary
URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.