HawkScan Test Info for HTTP Parameter Override

HTTP Parameter Override

Reference

Plugin Id: 10026 | CWE: 20

Remediation

  1. Specify explicit form actions: Ensure all HTML forms include explicit action attributes pointing to specific endpoints.
  2. Implement parameter validation: Validate and sanitize all incoming parameters to prevent parameter pollution attacks.
  3. Use framework protection: Leverage framework-specific protections against HTTP Parameter Pollution (HPP).
  4. Review servlet configuration: For Java applications, review servlet parameter handling configurations.

About

HTTP Parameter Override vulnerabilities occur when an application does not handle duplicate parameter names consistently, or when an HTML form has no explicit action attribute (the browser then submits the form to the current URL, so any query parameters already present in that URL are sent alongside the form fields). Either condition enables parameter pollution attacks, in which malicious users inject additional or duplicate parameters to modify application behavior.
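The following Python example is added here to illustrate the two conditions described above and remediation steps 1 and 2; it is illustration code, not HawkScan's own check logic. It shows why duplicate parameters are ambiguous (a first-wins parser and a last-wins parser see different values), a strict parser that refuses duplicates and unknown names, a detection pass over constructed access-log lines, and a small audit of HTML forms that lack an explicit action attribute. All sample inputs are constructed for the example.

```python
"""Added example (not HawkScan code): handling duplicate parameters and
auditing forms without an explicit action attribute."""
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit


class ParameterPollutionError(ValueError):
    """Raised when a request carries a parameter twice, or an unexpected one."""


def parse_pairs(query: str) -> list:
    """Keep every (name, value) pair in order so duplicates stay visible.
    parse_qs would fold repeated names into lists; parse_qsl keeps the pairs."""
    return parse_qsl(query, keep_blank_values=True)


def first_wins(query: str) -> dict:
    """What a framework that keeps the first occurrence of a name sees."""
    out = {}
    for name, value in parse_pairs(query):
        out.setdefault(name, value)
    return out


def last_wins(query: str) -> dict:
    """What a framework that keeps the last occurrence sees (dict() semantics)."""
    return dict(parse_pairs(query))


def duplicate_params(query: str) -> dict:
    """Every parameter name that appears more than once, with all of its values."""
    seen = {}
    for name, value in parse_pairs(query):
        seen.setdefault(name, []).append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}


def strict_params(query: str, allowed: set) -> dict:
    """Parse a query string into single-valued parameters.
    Refuses duplicate names and names outside the allow-list, so the
    first-wins vs last-wins question never arises for the caller."""
    dupes = duplicate_params(query)
    if dupes:
        raise ParameterPollutionError(f"duplicate parameters: {sorted(dupes)}")
    params = last_wins(query)  # no duplicates remain, so first == last
    unknown = set(params) - allowed
    if unknown:
        raise ParameterPollutionError(f"unexpected parameters: {sorted(unknown)}")
    return params


def flag_polluted_requests(log_lines: list) -> list:
    """Detection: return request targets whose query string repeats a name.
    Assumes a constructed log format: '<client-ip> <request-target> <status>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        target = fields[1]
        if duplicate_params(urlsplit(target).query):
            hits.append(target)
    return hits


class FormActionAuditor(HTMLParser):
    """Collect <form> tags whose action attribute is missing or empty; such
    forms submit to the current URL, query string included."""

    def __init__(self):
        super().__init__()
        self.forms_without_action = []

    def handle_starttag(self, tag, attrs):
        if tag != "form":  # HTMLParser lower-cases tag names
            return
        attr = dict(attrs)
        action = attr.get("action")
        if action is None or not action.strip():
            self.forms_without_action.append(attr)


def forms_missing_action(html: str) -> int:
    auditor = FormActionAuditor()
    auditor.feed(html)
    return len(auditor.forms_without_action)


# Constructed sample inputs (not real traffic or real pages)
SAMPLE_LOG = [
    "10.0.0.5 /login?user=alice&user=admin&next=%2Fhome 200",
    "10.0.0.6 /search?q=test 200",
    "10.0.0.7 /profile?id=7 200",
]
SAMPLE_HTML = """
<form method="post"><input name="role" value="user"></form>
<form method="post" action="/profile/update"><input name="role" value="user"></form>
<form action=""><input name="x"></form>
"""

if __name__ == "__main__":
    print("first-wins:", first_wins("user=alice&user=admin"))
    print("last-wins: ", last_wins("user=alice&user=admin"))
    print("polluted:  ", flag_polluted_requests(SAMPLE_LOG))
    print("forms without action:", forms_missing_action(SAMPLE_HTML))
```

The first-wins/last-wins pair is the core of the issue: two components in the same request path (a proxy, a WAF, the application framework) may each pick a different value, so a validation layer can approve one value while business logic acts on the other. Refusing duplicates at the edge, as `strict_params` does, removes that disagreement rather than trying to reconcile it.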

Risks

Severity: Medium

Parameter override attacks can lead to authentication bypass, input validation circumvention, application logic manipulation, and potential privilege escalation, depending on how the application processes the conflicting parameters.