HTTP Parameter Pollution

Description

HTTP Parameter Pollution (HPP) is a vulnerability that occurs when an attacker manipulates HTTP request parameters by injecting multiple instances of the same parameter with different values. This can lead to unexpected behavior in the web application, such as bypassing input validation or manipulating server-side logic.

Remediation

To prevent HTTP Parameter Pollution vulnerabilities, ensure that your application only processes a single instance of each parameter or clearly defines how multiple instances should be handled. Validate and sanitize all input parameters, and consider using a web application firewall (WAF) to detect and block suspicious requests.
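
One way to enforce the "single instance of each parameter" rule at the point where a query string or form body is parsed. This is an added example, not code from this page or from any particular framework; `parse_params`, `check`, `MULTI_VALUED` and the sample requests are hypothetical names and constructed data.

```python
from urllib.parse import parse_qsl

# Hypothetical policy for this example: the only names allowed to repeat.
MULTI_VALUED = frozenset({"tag"})


class DuplicateParameterError(ValueError):
    """A parameter that must be single-valued appeared more than once."""


def parse_params(raw_query, multi_valued=MULTI_VALUED):
    """Parse a query string or urlencoded body, rejecting duplicate names.

    Single-valued names map to str; names in multi_valued map to list[str].
    """
    params = {}
    # keep_blank_values=True so "role=&role=admin" still counts as a duplicate.
    # parse_qsl percent-decodes names, so "ro%6Ce" and "role" collide here
    # instead of reaching later code as two different spellings.
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        if name in multi_valued:
            params.setdefault(name, []).append(value)
        elif name in params:
            raise DuplicateParameterError(f"duplicate parameter: {name!r}")
        else:
            params[name] = value
    return params


def check(raw_query):
    """Return (accepted, detail); a caller would log and answer HTTP 400."""
    try:
        return True, parse_params(raw_query)
    except DuplicateParameterError as exc:
        return False, str(exc)


# Constructed sample requests.
SAMPLES = [
    "user=alice&role=viewer",               # accepted
    "user=alice&role=viewer&role=admin",    # rejected: repeated name
    "user=alice&ro%6Ce=admin&role=viewer",  # rejected: encoded repeat
    "tag=a&tag=b&user=alice",               # accepted: declared multi-valued
]

if __name__ == "__main__":
    for query in SAMPLES:
        print(query, "->", check(query))
```

Rejecting the request outright, rather than silently taking the first or last value, keeps every component that later reads the parameter in agreement about its value.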

References

https://owasp.org/www-community/attacks/HTTP_Parameter_Pollution

Severity

MEDIUM

OWASP

Code: A03:2021

Category: Injection

Classification

CWE-20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

5.4

CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

5.4