Invicti

Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as Medium severity that can be detected by Invicti.

Select Category

Critical

Select Vulnerability

Vulnerability Name

Classification

Severity

Sublime SFTP Config File Detected

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

,

CWE-16

,

ISO27001-A.18.1.3

,

OWASP 2013-A5

,

OWASP 2017-A6

,

WASC-15

,

Medium

TLS/SSL Certificate Key Size Too Small

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

,

CWE-295

,

OWASP 2017-A3

,

Medium

Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability

AV:N/AC:L/Au:N/C:N/I:N/A:P

,

CWE-CWE-400

,

Medium

Unicode Transformation (Best-Fit Mapping)

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

,

CWE-20

,

Medium

Unsafe value for session tracking in WEB-INF/web.xml

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

,

CWE-16

,

OWASP 2013-A5

,

OWASP 2017-A6

,

Medium

ViewState MAC Disabled

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

,

CWE-16

,

HIPAA-164.306(a)

,

164.308(a)

,

ISO27001-A.14.2.5

,

OWASP 2017-A6

,

WASC-15

,

Medium

Weak Ciphers Enabled

CAPEC-217

,

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

,

CWE-327

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

Medium

WordPress Setup Configuration File

CAPEC-212

,

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/CR:H/IR:H/AR:H/MAV:N/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N

,

CWE-665

,

HIPAA-164.312(a)(1)

,

ISO27001-A.18.1.3

,

OWASP 2013-A5

,

OWASP 2017-A6

,

PCI v3.2-6.5.8

,

WASC-14

,

Medium

ZSH History File Detected

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

,

CWE-284

,

ISO27001-A.18.1.3

,

OWASP 2013-A7

,

OWASP 2017-A3

,

PCI v3.2-6.5.8

,

WASC-2

,

Medium