Vulnerability Name |
Classifications |
Severity |
Active Mixed Content over HTTPS
|
CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Medium
|
Anonymous Ciphers Supported
|
PCI v3.2-6.5.4, CAPEC-117, CWE-311, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |
Medium
|
Apache Server-Info Detected
|
CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C |
Medium
|
Apache Server-Status Detected
|
CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C |
Medium
|
ASP.NET Cookieless Authentication Is Enabled
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Medium
|
ASP.NET Cookieless Session State Is Enabled
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Medium
|
ASP.NET CustomErrors Is Disabled
|
CWE-16, OWASP 2013-A6, OWASP 2017-A3 |
Medium
|
ASP.NET Login Credentials Stored In Plain Text
|
CWE-312, OWASP 2013-A6, OWASP 2017-A3 |
Medium
|
ASP.NET ValidateRequest Is Globally Disabled
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6 |
Medium
|
ASP.NET: Failure To Require SSL For Authentication Cookies
|
CWE-16, OWASP 2017-A6 |
Medium
|
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
Base Tag Hijacking
|
PCI v3.2-6.5.7, CAPEC-19, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Medium
|
BREACH Attack Detected
|
CWE-310, OWASP 2013-A9, OWASP 2017-A9, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Medium
|
Critical Form Send to HTTP
|
PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Medium
|
Critical Form Served over HTTP
|
PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Medium
|
Custom Error Pages Are Not Configured in WEB-INF/web.xml
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
CVS Detected
|
CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Medium
|
Expired SSL Certificate
|
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Medium
|
Express Development Mode Is Enabled
|
CWE-200, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Medium
|
Express express-session Weak Secret Key Detected
|
CWE-200, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
Frame Injection
|
PCI v3.2-6.5.1, CWE-601, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-38, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
Medium
|
GIT Detected
|
CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
HTTP Header Injection
|
PCI v3.2-6.5.1, CAPEC-105, CWE-93, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Medium
|
HTTP Header Injection (IAST)
|
PCI v3.2-6.5.1, CAPEC-105, CWE-93, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Medium
|
HTTP Strict Transport Security (HSTS) Errors and Warnings
|
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 |
Medium
|
HTTP Strict Transport Security (HSTS) Policy Not Enabled
|
CAPEC-217, CWE-523, ISO27001-A.14.1.2, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L |
Medium
|
Insecure HTTP Usage
|
ISO27001-A.14.1.3, WASC-4, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Medium
|
Insecure Transportation Security Protocol Supported (SSLv3)
|
PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Medium
|
Invalid SSL Certificate
|
PCI v3.2-6.5.4, CAPEC-459, CWE-295, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Medium
|
Java Verb Tampering Via Misconfigured Security Constraint
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
JavaMelody Interface Detected
|
CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 |
Medium
|
JetBrains .idea Project Directory Detected
|
CAPEC-118, CWE-285, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Microsoft Access Database File Detected
|
PCI v3.2-6.5.8, CWE-285, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Medium
|
Node.js Web Application does not handle uncaughtException
|
CWE-248, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
Node.js Web Application does not handle unhandledRejection
|
CWE-248, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
Open Policy Crossdomain.xml Detected
|
CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
Medium
|
Open Redirection
|
CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Medium
|
Open Redirection (DOM based)
|
CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N |
Medium
|
Open Silverlight Client Access Policy
|
CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
Medium
|
Overly Long Session Timeout
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
Password Transmitted over Query String
|
PCI v3.2-6.5.4, CWE-598, ISO27001-A.14.2.5, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Medium
|
PHP enable_dl Is Enabled
|
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Medium
|
PHP register_globals Is Enabled
|
CWE-473, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
Medium
|
PHP session.use_only_cookies Is Disabled
|
CWE-598, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Medium
|
PHP session.use_trans_sid Is Enabled
|
CWE-598, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Medium
|
Revoked SSL Certificate
|
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Medium
|
RSA Private Key Detected
|
CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Medium
|
SAML Consumer Service KeyInfo RetrievalMethod SSRF
|
CWE-918, ISO27001-a.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Medium
|
SAML Consumer Service XSS Vulnerability
|
PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-a.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7 |
Medium
|
Sensitive Data Exposure
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Amazon AWS Access Key Id
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Amazon AWS Secret Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Amazon MWS Auth Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Amazon SES SMTP Password
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Consul Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Database Connection String – MongoDB – MySQL
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Database Connection String – PostgreSQL
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Devise Secret Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Facebook Access Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Facebook App ID
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Facebook App Secret
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Gitlab Personal Access Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Google Cloud API Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Google OAuth Access Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Heroku API Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – JDBC Database Connection String
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – LinkedIn API Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – MailChimp API Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – MailGun API Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Mapbox Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Nexmo Secret
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – NPM Access Token
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – NuGet API Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|
Sensitive Data Exposure – Omise Secret Key
|
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Medium
|