| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Stack Trace Disclosure (Python) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Medium |
| Stack Trace Disclosure (RoR) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Medium |
| Struts 2 Config Browser plugin enabled | CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N | Medium |
| Struts 2 Development Mode Enabled | CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N | Medium |
| Sublime SFTP Config File Detected | CWE-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | Medium |
| TLS/SSL Certificate Key Size Too Small | CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | Medium |
| Unicode Transformation (Best-Fit Mapping) | CWE-20, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Medium |
| Unsafe value for session tracking in WEB-INF/web.xml | CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N | Medium |
| ViewState MAC Disabled | CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N | Medium |
| Weak Ciphers Enabled | PCI v3.2-6.5.4, CAPEC-217, CWE-327, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | Medium |
| WordPress Setup Configuration File | PCI v3.2-6.5.8, CAPEC-212, CWE-665, HIPAA-164.312(a)(1), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/CR:H/IR:H/AR:H/MAV:N/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N | Medium |
| ZSH History File Detected | PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Medium |
| .dockerignore File Detected | CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Low |
| .DS_Store File Found | PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 | Low |
| (Deprecated) Version Disclosure (mod_ssl) | CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Apache Multiple Choices Enabled | CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Apache MultiViews Enabled | CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| ASP.NET ViewStateUserKey Is Not Set | CWE-16, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Autocomplete is Enabled | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| AWS Dockerrun Configuration File Detected | CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Low |
| Backup File Disclosure | PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 | Low |
| Cookie Not Marked as HttpOnly | CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Cookie Not Marked as Secure | PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | Low |
| Cookie Values Used in Anti-CSRF Token | CWE-352, HIPAA-164.306(a), ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Cross-site Request Forgery | PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 | Low |
| Cross-site Request Forgery in Login Form | PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 | Low |
| Database Error Message Disclosure | PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Database Name Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Database Name Disclosure (MySQL) | PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Django Debug Mode Enabled | PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Docker Cloud Stack File Detected | CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Low |
| Docker Compose File Detected | CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Low |
| Dockerfile Detected | CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Low |
| Exception Report Disclosure (Tomcat) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Form Hijacking | CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1 | Low |
| Information Disclosure (Microsoft Office) | PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13 | Low |
| Information Disclosure (phpinfo()) | CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 | Low |
| Insecure Frame (External) | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 | Low |
| Insecure JSONP Endpoint | CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 | Low |
| Insecure Reflected Content | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 | Low |
| Internal IP Address Disclosure | CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3 | Low |
| Internal Server Error | CWE-550, ISO27001-A.14.1.2, WASC-13 | Low |
| Laravel Debug Mode Enabled | PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Laravel Environment Configuration File Detected | CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Microsoft IIS Log File Detected | PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 | Low |
| Microsoft Outlook Personal Folders File (.pst) Found | PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 | Low |
| Misconfigured Access-Control-Allow-Origin Header | PCI v3.2-6.5.8, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Misconfigured Frame | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 | Low |
| Misconfigured X-Frame-Options Header | CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Missing Content-Type Header | PCI v3.2-6.5.7, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Missing X-Content-Type-Options Header | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Missing X-Frame-Options Header | CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Multiple Declarations in X-Frame-Options Header | CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Open Redirection in POST method | CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5 | Low |
| Out-of-date Component ({applicationName}) | CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Passive Mixed Content over HTTPS | CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3 | Low |
| Passive Web Backdoor Detected | PCI v3.2-6.5.6, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10 | Low |
| Phishing by Navigating Browser Tabs | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| PHP allow_url_fopen Is Enabled | CWE-16, OWASP 2013-A5, OWASP 2017-A6 | Low |
| PHP allow_url_include Is Enabled | CWE-16, OWASP 2013-A5, OWASP 2017-A6 | Low |
| PHP display_errors Is Enabled | CWE-211, OWASP 2013-A5, OWASP 2017-A6 | Low |
| PHP open_basedir Is Not Configured | CWE-16, OWASP 2013-A5, OWASP 2017-A6 | Low |
| phpinfo() Output Detected | CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 | Low |
| Programming Error Message | PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Programming Error Message (Ruby) | PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Prototype Pollution | PCI v3.2-6.5.7, CAPEC-180, CWE-1321, HIPAA-164.306(a), ISO27001-A.13.1.3, OWASP 2013-A9, OWASP 2017-A9 | Low |
| Reflected File Download | PCI v3.2-6.5.1, CAPEC-375, CWE-840, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1 | Low |
| RoR Database Configuration File Detected | CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| RoR Development Mode Enabled | PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Social Security Number Disclosure | PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 | Low |
| Stack Trace Disclosure (Apache MyFaces) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Stack Trace Disclosure (Apache Shiro) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001- A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Stack Trace Disclosure (ASP.NET) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Stack Trace Disclosure (CakePHP Framework) | PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Low |