Details
Alert ID 40038
Alert Type Active
Status beta
Risk Medium
CWE
WASC
Technologies Targeted All
Tags OWASP_2017_A05
OWASP_2021_A01
POLICY_QA_FULL
WSTG-V42-ATHN-04

Summary

Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200).

Solution

Other Info

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/ForbiddenBypassScanRule.java