|
|
Status: Draft Weakness ID: 598 (Weakness Variant)Description Summary The web application uses the GET method to process requests that contain sensitive information, which can expose that information through the browser's history, Referers, web logs, and other sources. Potential Mitigations When sensitive information is sent, use of the POST method is recommended (e.g. registration form). Other Notes At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers. Relationships
Time of Introduction  Architecture and Design ImplementationContent History Modifications Eric Dalci. Cigital. 2008-07-01. (External) updated Potential_Mitigations, Time_of_Introduction CWE Content Team. MITRE. 2008-09-08. (Internal) updated Relationships, Other_Notes Previous Entry Names Information Leak Through GET Request (changed 2008-04-11) |
|
|
|||
