Description
Submission File: ES2512-5a5a0447-mod-CWE-598-remove-GET-specific.txt
ID: ES2512-5a5a0447
SUBMISSION DATE: 2025-12-27 03:58:02
NAME: Mod CWE-598 remove specific to GET request
DESCRIPTION:
Remove the overly specific "GET Request Method" from the CWE Name. The
currently documented Background Details and Common Consequences state the
risks of sensitive query strings being stored and shared in various places,
but this is not limited to GET requests since POST, DELETE, PUT, and other
request methods can still include sensitive data in query strings. Consider
naming "Use of HTTP Request With Sensitive Query Strings" instead. And in
the Potential Mitigations section consider replacing "use the POST method"
with "place sensitive data in the request body or appropriate request
headers" instead.
This weakness should not imply that using non-GET methods with sensitive
query strings is safe.
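
The point above, that the request target is recorded whatever the method, can be checked against access logs. The following is an added example, not part of the submission or of CWE's own content: it scans Common Log Format lines and flags sensitive query parameters for any HTTP method. The parameter-name list and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names treated as sensitive; adjust to the application.
SENSITIVE = {"password", "passwd", "token", "access_token", "api_key", "session", "ssn"}

# Request-line portion of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_sensitive_query_params(log_lines):
    """Return (method, path, [param names]) for every logged request whose
    query string carries a sensitive parameter, regardless of HTTP method."""
    findings = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue  # not a request line we can parse
        parts = urlsplit(m.group("target"))
        names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                 if k.lower() in SENSITIVE]
        if names:
            # Report parameter names only, so the finding does not repeat the value.
            findings.append((m.group("method"), parts.path, names))
    return findings


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2025:03:58:02 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.10 - - [27/Dec/2025:03:58:05 +0000] "POST /api/orders?api_key=abc123 HTTP/1.1" 201 64',
    '192.0.2.11 - - [27/Dec/2025:03:58:09 +0000] "DELETE /api/sessions/7?token=xyz HTTP/1.1" 204 0',
    '192.0.2.12 - - [27/Dec/2025:03:58:11 +0000] "PUT /api/profile?lang=en HTTP/1.1" 200 32',
    # Credentials sent in the request body leave nothing in the logged target.
    '192.0.2.12 - - [27/Dec/2025:03:58:12 +0000] "POST /login HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for method, path, names in find_sensitive_query_params(SAMPLE_LOG):
        print(f"{method} {path}: sensitive query parameter(s) {names}")
```

The POST and DELETE entries are flagged alongside the GET one, while the body-only `POST /login` is not, which matches the proposed mitigation wording.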