HTTP Parameter Pollution (HPP)

Low Severity Technical Guide

Vulnerability Description

HPP involves supplying multiple HTTP parameters with the same name. Different backend components might parse them differently, allowing attackers to bypass validation rules.

Remediation Guide

To resolve this vulnerability, apply the following configuration changes or development practices:

Enforce strict input validation policies. Check for duplicate parameter names and reject or securely sanitize parameters before using them.
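One way to implement the duplicate-name check, as an added example that is not part of the original guide. The function names, the exception class and the sample request are hypothetical; the two "wins" helpers only model components that resolve a repeated name differently.

```python
from urllib.parse import parse_qsl


class DuplicateParameterError(ValueError):
    """Raised when a parameter name occurs more than once in a request."""


def first_wins(raw: str) -> dict:
    """Model of a component that keeps the first occurrence of each name."""
    out = {}
    for name, value in parse_qsl(raw, keep_blank_values=True):
        out.setdefault(name, value)
    return out


def last_wins(raw: str) -> dict:
    """Model of a component that keeps the last occurrence of each name."""
    return dict(parse_qsl(raw, keep_blank_values=True))


def strict_params(query: str, body: str = "") -> dict:
    """Parse a query string and urlencoded body, rejecting any repeated name.

    Names are compared after percent-decoding, so 'role' and 'r%6fle' count
    as the same parameter. Query and body share one namespace here, on the
    assumption that the application merges them before use.
    """
    seen = {}
    for source in (query, body):
        for name, value in parse_qsl(source, keep_blank_values=True):
            if name in seen:
                raise DuplicateParameterError(f"duplicate parameter: {name!r}")
            seen[name] = value
    return seen


# Constructed sample request: the same name supplied twice.
SAMPLE = "account=1001&amount=10&account=2002"

if __name__ == "__main__":
    print("validator sees:", first_wins(SAMPLE)["account"])
    print("handler sees:  ", last_wins(SAMPLE)["account"])
    try:
        strict_params(SAMPLE)
    except DuplicateParameterError as exc:
        print("rejected:", exc)  # respond with HTTP 400 in a real handler
```

Run the check once at the edge of the application and pass the resulting dictionary onward, so every later component works from the same single value per name.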

Verify Your Fix

After applying the remediation, run an external attack-surface scan to verify that the vulnerability is no longer detected by WebScanify.
