121 – HTTP parameter pollution

Description

The application allows extra parameters injection to HTTP communication protocol, this can cause unexpected behavior on the server.

Impact

- Make the application to read malicious parameters and have a wrong behavior. - Cause unexpected behaviors on the application.

Recommendation

Make validations to guarantee that the quantity of received parameters is equal to the expected parameters on the server.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): H
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 173 - Discard unsafe inputs
• 342 - Validate request parameters

Fixes

• Csharp
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/13