HTTP to HTTPS Insecure Transition in Form Post

• 警报等级:

• Medium

• 警报类型:
• Passive

• CWE:
• CWE-319

摘要

This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.

解决方案

Use HTTPS for landing pages that host secure forms.

其他信息

The response to the following request over HTTP included an HTTPS form tag action attribute value: http://example.com The context was: <form name="someform" action="https://example.com/processform">