Vulnerabilities Archive | Page 2 of 20

Vulnerability Name	Classifications	Severity
Out of Band Code Execution via SSTI (Python Tornado)	PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Out of Band Command Injection	PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Out of Band Remote File Inclusion	PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Out of Band SQL Injection	PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Private Json Web Key Set Disclosure	CAPEC-118, CWE-200, ISO27001-A.18.1.4, WASC-13	Critical
Remote Code Execution (Spring4Shell)	PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical
Remote Code Execution and DoS in HTTP.sys (IIS)	PCI v3.2-6.5.1, CAPEC-340, CWE-20, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-7, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C	Critical
Remote File Inclusion	PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N	Critical
Server-Side Request Forgery (Equinix)	CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	Critical
Server-Side Request Forgery (Oracle Cloud)	CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	Critical
Server-Side Request Forgery (Packet Cloud)	CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	Critical
Server-Side Request Forgery (trace.axd)	PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C	Critical
Server-Side Template Injection	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (ASP.NET Razor)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (Java FreeMarker)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (Java Pebble)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (Java Velocity)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (JinJava)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (Node.js Dot)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (Node.js EJS)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	Critical
Server-Side Template Injection (Ruby ERB)	PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
SQL Injection	PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
SQL Injection (IAST)	PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	Critical
Text4Shell Remote Code Execution – (CVE-2022-42889)	PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A03, OWASP 2017-A01, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical
TorchServe Management API SSRF (CVE-2023-43654)	CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6	Critical
VMware Aria Operations for Networks Remote Code Execution (CVE-2023-20887)	PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.206(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1	Critical
Web Backdoor Detected	PCI v3.2-6.5.6, CAPEC-443, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical
Web Cache Deception	PCI v3.2-2.2.3, CAPEC-CAPEC, ISO27001-A.14.1.3, WASC-6, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H	Critical
Arbitrary File Creation Detected	CWE-20, OWASP 2017-A5	High
Arbitrary File Deletion Detected	CWE-20, OWASP 2017-A5	High
ASP.NET Tracing Is Enabled	CWE-11, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N	High
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)	PCI v3.2-6.5.1, CAPEC-114,115, CWE-287, HIPAA-164.306(a), ISO27001-A.13.1.1, WASC-1, OWASP 2013-A9, OWASP 2017-A9, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N	High
Backup Source Code Detected	PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	High
Basic Authorization over HTTP	PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	High
Blind Cross-site Scripting	PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
Blind MongoDB Injection	PCI v3.2-6.5.1, CWE-943, HIPAA-164.306(a), 164.308(a), OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
Boolean Based MongoDB Injection	PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	High
Certificate is Signed Using a Weak Signature Algorithm	PCI v3.2-6.5.4, CAPEC-459, ISO27001-A.10, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N	High
Cross-site Scripting	PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N	High
Cross-site Scripting (DOM based)	PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N	High
Cross-site Scripting via File Upload	PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
Cross-site Scripting via Remote File Inclusion	PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
Database User Has Admin Privileges	PCI v3.2-6.5.6, CWE-267, ISO27001-A.9.2.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	High
Elmah.axd / Errorlog.axd Detected	PCI v3.2-6.5.6, CAPEC-347, CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C	High
Error-Based MongoDB Injection	PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L	High
Expression Language Injection	PCI v3.2-6.5.1, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	High
F5 Big-IP Local File Inclusion (CVE-2020-5902)	PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
Insecure Transportation Security Protocol Supported (SSLv2)	PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C	High
Insecure Transportation Security Protocol Supported (TLS 1.0)	PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3	High
JBoss Web Console JMX Invoker	CWE-200, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	High
JWT Forgery via Chaining Jku Parameter with Open Redirect	CWE-347, OWASP 2017-A2, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	High
JWT Forgery via Path Traversal	CWE-22, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	High
JWT Forgery via SQL Injection	CWE-89, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	High
JWT Forgery via unvalidated jku parameter	CWE-639, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	High
JWT Signature Bypass via None Algorithm	CWE-287, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	High
JWT Signature is not Verified	CWE-287, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	High
Local File Inclusion	PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
Local File Inclusion (IAST)	PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High
MongoDB Operator Injection	PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	High
No SAML Response Signature Check	CWE-16, ISO27001-a.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	High
Oracle WebLogic Authentication Bypass (CVE-2020-14883)	CWE-288, OWASP 2013-A2, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	High
Out of Band SAML Consumer Service XML Entity Injection	PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-a.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H	High
Out of Band SAML Consumer Service XSLT Injection	PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-a.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H	High
Out of Band XML External Entity Injection	PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H	High
Out-of-date Version (HSQLDB)	PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9	High
Out-of-date Version (Microsoft SQL Server)	PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9	High
Out-of-date Version (MySQL)	PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9	High
Out-of-date Version (Oracle)	PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9	High
Out-of-date Version (PostgreSQL)	PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9	High
Out-of-date Version (SQLite)	PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9	High
Password Transmitted over HTTP	PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	High
Progress MOVEit Transfer SQL Injection	PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	High
ROBOT Attack Detected (Strong Oracle)	PCI v3.2-6.5.4, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C	High
ROBOT Attack Detected (Weak Oracle)	PCI v3.2-6.5.4, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C	High
Ruby on Rails File Content Disclosure (CVE-2019-5418)	PCI v3.2-6.5.8, CAPEC-252, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	High

Out of Band Code Execution via SSTI (Python Tornado)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Command Injection

PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Remote File Inclusion

PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band SQL Injection

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Private Json Web Key Set Disclosure

CAPEC-118, CWE-200, ISO27001-A.18.1.4, WASC-13

Critical

Remote Code Execution (Spring4Shell)

PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Remote Code Execution and DoS in HTTP.sys (IIS)

PCI v3.2-6.5.1, CAPEC-340, CWE-20, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-7, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C

Critical

Remote File Inclusion

PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Critical

Server-Side Request Forgery (Equinix)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Critical

Server-Side Request Forgery (Oracle Cloud)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Critical

Server-Side Request Forgery (Packet Cloud)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Critical

Server-Side Request Forgery (trace.axd)

PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Critical

Server-Side Template Injection