Vulnerability Name |
Classifications |
Severity |
.dockerignore File Detected
|
CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Low
|
.DS_Store File Found
|
PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 |
Low
|
(Deprecated) Version Disclosure (mod_ssl)
|
CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Apache Multiple Choices Enabled
|
CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Apache MultiViews Enabled
|
CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
ASP.NET ViewStateUserKey Is Not Set
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Autocomplete is Enabled
|
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
AWS Dockerrun Configuration File Detected
|
CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Low
|
Backup File Disclosure
|
PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 |
Low
|
Cookie Not Marked as HttpOnly
|
CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Cookie Not Marked as Secure
|
PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Low
|
Cookie Values Used in Anti-CSRF Token
|
CWE-352, HIPAA-164.306(a), ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Cross-site Request Forgery
|
PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 |
Low
|
Cross-site Request Forgery in Login Form
|
PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 |
Low
|
Database Error Message Disclosure
|
PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Database Name Disclosure (Microsoft SQL Server)
|
PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Database Name Disclosure (MySQL)
|
PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Django Debug Mode Enabled
|
PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Docker Cloud Stack File Detected
|
CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Low
|
Docker Compose File Detected
|
CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Low
|
Dockerfile Detected
|
CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Low
|
Exception Report Disclosure (Tomcat)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Form Hijacking
|
CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1 |
Low
|
Information Disclosure (Microsoft Office)
|
PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13 |
Low
|
Information Disclosure (phpinfo())
|
CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 |
Low
|
Insecure Frame (External)
|
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 |
Low
|
Insecure JSONP Endpoint
|
CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 |
Low
|
Insecure Reflected Content
|
CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 |
Low
|
Internal IP Address Disclosure
|
CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3 |
Low
|
Internal Server Error
|
CWE-550, ISO27001-A.14.1.2, WASC-13 |
Low
|
Laravel Debug Mode Enabled
|
PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Laravel Environment Configuration File Detected
|
CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Microsoft IIS Log File Detected
|
PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 |
Low
|
Microsoft Outlook Personal Folders File (.pst) Found
|
PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 |
Low
|
Misconfigured Access-Control-Allow-Origin Header
|
PCI v3.2-6.5.8, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Misconfigured Frame
|
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 |
Low
|
Misconfigured X-Frame-Options Header
|
CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Missing Content-Type Header
|
PCI v3.2-6.5.7, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Missing X-Content-Type-Options Header
|
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Missing X-Frame-Options Header
|
CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Multiple Declarations in X-Frame-Options Header
|
CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Open Redirection in POST method
|
CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5 |
Low
|
Out-of-date Component ({applicationName})
|
CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Passive Mixed Content over HTTPS
|
CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3 |
Low
|
Passive Web Backdoor Detected
|
PCI v3.2-6.5.6, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10 |
Low
|
Phishing by Navigating Browser Tabs
|
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
PHP allow_url_fopen Is Enabled
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
PHP allow_url_include Is Enabled
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
PHP display_errors Is Enabled
|
CWE-211, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
PHP open_basedir Is Not Configured
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
phpinfo() Output Detected
|
CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 |
Low
|
Programming Error Message
|
PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Programming Error Message (Ruby)
|
PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Prototype Pollution
|
PCI v3.2-6.5.7, CAPEC-180, CWE-1321, HIPAA-164.306(a), ISO27001-A.13.1.3, OWASP 2013-A9, OWASP 2017-A9 |
Low
|
Reflected File Download
|
PCI v3.2-6.5.1, CAPEC-375, CWE-840, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1 |
Low
|
RoR Database Configuration File Detected
|
CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
RoR Development Mode Enabled
|
PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Social Security Number Disclosure
|
PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 |
Low
|
Stack Trace Disclosure (Apache MyFaces)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (Apache Shiro)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001- A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (ASP.NET)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (CakePHP Framework)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (CherryPy)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (Grails)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (GraphQL)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (Node.js)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Stack Trace Disclosure (PHP)
|
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Struts2 Development Mode Enabled
|
PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Subresource Integrity (SRI) Hash Invalid
|
CWE-16, ISO27001-A.14.2.5, WASC-15 |
Low
|
TRACE/TRACK Method Detected
|
CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Low
|
Unexpected Redirect Response Body (Two Responses)
|
CWE-698, ISO27001-A.14.2.5, WASC-25 |
Low
|
User Controllable Cookie
|
CWE-20, ISO27001-A.14.2.5, WASC-20 |
Low
|
Username Disclosure (Microsoft SQL Server)
|
PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3 |
Low
|
Username Disclosure (MySQL)
|
PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3 |
Low
|
Version Disclosure (AbanteCart)
|
CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 |
Low
|