Web Application Vulnerabilities Index
This page lists all vulnerabilities that can be detected by Invicti.
| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Bash Command Injection Vulnerability (Shellshock Bug) | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A9 | Critical |
| Blind Command Injection | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Blind SQL Injection | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Boolean Based SQL Injection | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Apache Struts S02-53) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Apache Struts) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Apache Struts) S2-016 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Apache Struts) S2-045 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Apache Struts) S2-046 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (ASP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Node.js) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Perl) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (PHP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (PHP) - IAST | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Python) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (RoR - JSON) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (RoR) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation (Ruby) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Evaluation via Local File Inclusion (PHP) | PCI v3.2-6.5.1; CAPEC-251; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via File Upload | PCI v3.2-6.5.1; CAPEC-210; CWE-94; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-42; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via Local File Inclusion | PCI v3.2-6.5.1; CAPEC-170; CWE-94; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (ASP.NET Razor) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Java FreeMarker) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Java Pebble) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Java Velocity) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (JinJava) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Node.js Dot) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Node.js EJS) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Node.js Marko) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Node.js Nunjucks) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Node.js Pug (Jade)) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (PHP Smarty) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (PHP Twig) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Python Jinja) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Python Mako) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Python Tornado) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Ruby ERB) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via SSTI (Ruby Slim) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Code Execution via WebDAV | PCI v3.2-6.5.8; CAPEC-17; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-17; OWASP 2017-A6 | Critical |
| Command Injection | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Command Injection (IAST) | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Drupal Core - Remote Code Execution (CVE-2019-6340) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Malware Identified | CWE-506 | Critical |
| OpenSSL Heartbleed | PCI v3.2-6.5.2; CAPEC-216; CWE-119; ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A9 | Critical |
| Oracle WebLogic Remote Code Execution (CVE-2020-14882) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Apache Struts 2) | PCI v3.2-6.5.1; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Apache Struts 2) S2-053 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (ASP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Log4j) | PCI v3.2-6.5.1; CAPEC-23; CWE-502; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Node.js) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Perl) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (PHP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Python) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (RoR - JSON) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (RoR) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Evaluation (Ruby) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Java FreeMarker) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Java Velocity) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Node.js Dot) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Node.js EJS) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Node.js Marko) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Node.js Nunjucks) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Node.js Pug (Jade)) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (PHP Smarty) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (PHP Twig) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Python Jinja) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Python Mako) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Code Execution via SSTI (Python Tornado) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Command Injection | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band Remote File Inclusion | PCI v3.2-6.5.1; CAPEC-193; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Out of Band SQL Injection | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Remote Code Execution (Spring4Shell) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2017-A1 | Critical |
| Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.2-6.5.1; CAPEC-340; CWE-20; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-7; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Remote File Inclusion | PCI v3.2-6.5.1; CAPEC-193; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Request Forgery (Oracle Cloud) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Server-Side Request Forgery (Packet Cloud) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Server-Side Request Forgery (trace.axd) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Server-Side Template Injection | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (ASP.NET Razor) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (Java FreeMarker) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (Java Pebble) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (Java Velocity) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (JinJava) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (Node.js Dot) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (Node.js EJS) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Server-Side Template Injection (Ruby ERB) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| SQL Injection (IAST) | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Web Backdoor Detected | PCI v3.2-6.5.6; CAPEC-443; CWE-507; HIPAA-164.308(a); ISO27001-A.12.2.1; OWASP 2017-A10 | Critical |
| Web Cache Deception | PCI v3.2-2.2.3; CAPEC-CAPEC; ISO27001-A.14.1.3; WASC-6; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Arbitrary File Creation Detected | CWE-20; OWASP 2017-A5 | High |
| Arbitrary File Deletion Detected | CWE-20; OWASP 2017-A5 | High |
| ASP.NET Tracing Is Enabled | CWE-11; OWASP 2013-A5; OWASP 2017-A6 | High |
| Backup Source Code Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | High |
| Basic Authorization over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Blind Cross-site Scripting | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Certificate is Signed Using a Weak Signature Algorithm | PCI v3.2-6.5.4; CAPEC-459; ISO27001-A.10; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Cross-site Scripting | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Cross-site Scripting (DOM based) | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Cross-site Scripting via File Upload | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Cross-site Scripting via Remote File Inclusion | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Database User Has Admin Privileges | PCI v3.2-6.5.6; CWE-267; ISO27001-A.9.2.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | High |
| Elmah.axd / Errorlog.axd Detected | PCI v3.2-6.5.6; CAPEC-347; CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Expression Language Injection | PCI v3.2-6.5.1; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | High |
| F5 Big-IP Local File Inclusion (CVE-2020-5902) | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| JWT Forgery via Chaining Jku Parameter with Open Redirect | CWE-347; OWASP 2017-A2 | High |
| JWT Forgery via Path Traversal | CWE-22; OWASP 2017-A1 | High |
| JWT Forgery via SQL Injection | CWE-89; OWASP 2017-A1 | High |
| JWT Forgery via unvalidated jku parameter | CWE-22; OWASP 2017-A1 | High |
| JWT Signature Bypass via None Algorithm | CWE-347; OWASP 2017-A2 | High |
| JWT Signature is not Verified | CWE-347; OWASP 2017-A2 | High |
| Local File Inclusion | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Local File Inclusion (IAST) | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Oracle WebLogic Authentication Bypass (CVE-2020-14883) | CWE-288; OWASP 2013-A2; OWASP 2017-A2 | High |
| Out of Band XML External Entity Injection | PCI v3.2-6.5.1; CAPEC-376; CWE-611; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-43; OWASP 2013-A1; OWASP 2017-A4 | High |
| Out-of-date Version (Microsoft SQL Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Out-of-date Version (MySQL) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Out-of-date Version (Oracle) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Out-of-date Version (PostgreSQL) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Password Transmitted over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| ROBOT Attack Detected (Strong Oracle) | PCI v3.2-6.5.4; CAPEC-217; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| ROBOT Attack Detected (Weak Oracle) | PCI v3.2-6.5.4; CAPEC-217; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Ruby on Rails File Content Disclosure (CVE-2019-5418) | PCI v3.2-6.5.8; CAPEC-252; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Server-Side Request Forgery (Apache Server Status) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (AWS) | CWE-918; ISO27001-A.14.2.5; OWASP 2017-A5 | High |
| Server-Side Request Forgery (elmah MVC) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (elmah) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (MySQL) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (SSH) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Session Cookie Not Marked as Secure | PCI v3.2-6.5.10; CAPEC-102; CWE-614; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | High |
| SVN Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.1; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | High |
| Trace.axd Detected | PCI v3.2-6.5.6; CAPEC-347; CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Unrestricted File Upload | PCI v3.2-6.5.1; CWE-434; ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | High |
| Weak Basic Authentication Credentials | PCI v3.2-6.5.10; CAPEC-16; CWE-521; ISO27001-A.9.4.3; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | High |
| Weak Secret is Used to Sign JWT | CWE-347; OWASP 2017-A2 | High |
| WebDAV Directory Has Write Permissions | PCI v3.2-6.5.8; CWE-732; ISO27001-A.9.4.1; WASC-17; OWASP 2017-A6 | High |
| XML External Entity Injection | PCI v3.2-6.5.1; CAPEC-376; CWE-611; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-43; OWASP 2013-A1; OWASP 2017-A4 | High |
| Active Mixed Content over HTTPS | CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Anonymous Ciphers Supported | PCI v3.2-6.5.4; CAPEC-117; CWE-311; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Apache Server-Info Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Apache Server-Status Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| ASP.NET Cookieless Authentication Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| ASP.NET Cookieless Session State Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| ASP.NET CustomErrors Is Disabled | CWE-16; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| ASP.NET Login Credentials Stored In Plain Text | CWE-312; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| ASP.NET ValidateRequest Is Globally Disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| ASP.NET: Failure To Require SSL For Authentication Cookies | CWE-16; OWASP 2017-A6 | Medium |
| Axis Development Mode Enabled in WEB-INF/server-config.wsdd | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Axis system configuration listing enabled in WEB-INF/server-config.wsdd | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Base Tag Hijacking | PCI v3.2-6.5.7; CAPEC-19; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | Medium |
| BREACH Attack Detected | CWE-310; OWASP 2013-A9; OWASP 2017-A9 | Medium |
| Critical Form Send to HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Critical Form Served over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| CVS Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Expired SSL Certificate | CWE-295; OWASP 2017-A3 | Medium |
| Express Development Mode Is Enabled | CWE-200; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Express express-session Weak Secret Key Detected | CWE-200; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Frame Injection | PCI v3.2-6.5.1; CWE-601; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-38; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| GIT Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| HTTP Header Injection | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| HTTP Header Injection (IAST) | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217; CWE-523; ISO27001-A.14.1.2; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Insecure HTTP Usage | ISO27001-A.14.1.3; WASC-4; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Insecure Transportation Security Protocol Supported (SSLv3) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Invalid SSL Certificate | PCI v3.2-6.5.4; CAPEC-459; CWE-295; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Java Verb Tampering Via Misconfigured Security Constraint | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Microsoft Access Database File Detected | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
| Node.js Web Application does not handle uncaughtException | CWE-248; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Node.js Web Application does not handle unhandledRejection | CWE-248; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Open Policy Crossdomain.xml Detected | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Open Redirection | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 | Medium |
| Open Redirection (DOM based) | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 | Medium |
| Open Silverlight Client Access Policy | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Overly Long Session Timeout | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Password Transmitted over Query String | PCI v3.2-6.5.4; CWE-598; ISO27001-A.14.2.5; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| PHP enable_dl Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| PHP register_globals Is Enabled | CWE-473; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| PHP session.use_only_cookies Is Disabled | CWE-598; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| PHP session.use_trans_sid Is Enabled | CWE-598; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Revoked SSL Certificate | CWE-295; OWASP 2017-A3 | Medium |
| RSA Private Key Detected | CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Server-Side Request Forgery | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| Server-Side Request Forgery (Time Based) | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| Source Code Disclosure (ASP.NET) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (ColdFusion) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Generic) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Java Servlet) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Java) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (JSP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Perl) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (PHP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Python) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Ruby) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Source Code Disclosure (Tomcat) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: Admin MBean enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: Developer tools enabled on production | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: H2 console enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: Overly long session timeout | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Boot Misconfiguration: Unsafe value for session tracking | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Spring Misconfiguration: HTML Escaping disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| SQLite Database File Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
| SSL Certificate Is About To Expire | CWE-295; OWASP 2017-A3 | Medium |
| SSL Certificate Name Hostname Mismatch | CWE-295; OWASP 2017-A3 | Medium |
| SSL Untrusted Root Certificate | CWE-295; OWASP 2017-A3 | Medium |
| SSL/TLS Not Implemented | PCI v3.2-6.5.4; CAPEC-217; CWE-311; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Stack Trace Disclosure (ColdFusion) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Django) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Java) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Laravel) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Python) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (RoR) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Struts 2 Config Browser plugin enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Struts 2 Development Mode Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Sublime SFTP Config File Detected | CWE-16; ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| Unicode Transformation (Best-Fit Mapping) | CWE-20 | Medium |
| Unsafe value for session tracking in WEB-INF/web.xml | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| ViewState MAC Disabled | CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 | Medium |
| Weak Ciphers Enabled | PCI v3.2-6.5.4; CAPEC-217; CWE-327; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| WordPress Setup Configuration File | PCI v3.2-6.5.8; CAPEC-212; CWE-665; HIPAA-164.312(a)(1); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| ZSH History File Detected | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
| .DS_Store File Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A5 | Low |
| Apache Multiple Choices Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Apache MultiViews Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| ASP.NET ViewStateUserKey Is Not Set | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Autocomplete is Enabled | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Backup File Disclosure | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Low |
| Cookie Not Marked as HttpOnly | CAPEC-107; CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Cookie Not Marked as Secure | PCI v3.2-6.5.10; CAPEC-102; CWE-614; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | Low |
| Cookie Values Used in Anti-CSRF Token | CWE-352; HIPAA-164.306(a); ISO27001-A.14.1.2; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Cross-site Request Forgery | PCI v3.2-6.5.9; CAPEC-62; CWE-352; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-9; OWASP 2013-A8; OWASP 2017-A5 | Low |
| Cross-site Request Forgery in Login Form | PCI v3.2-6.5.9; CAPEC-62; CWE-352; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-9; OWASP 2013-A8; OWASP 2017-A5 | Low |
| Database Error Message Disclosure | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Database Name Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Database Name Disclosure (MySQL) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Django Debug Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Exception Report Disclosure (Tomcat) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Form Hijacking | CWE-20; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Low |
| Information Disclosure (Microsoft Office) | PCI v3.2-6.5.5; CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13 | Low |
| Insecure Frame (External) | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2017-A6 | Low |
| Insecure JSONP Endpoint | CWE-20; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A1 | Low |
| Insecure Reflected Content | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A1 | Low |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Low |
| Internal IP Address Disclosure | CWE-200; ISO27001-A.18.1.4; OWASP 2013-A6; OWASP 2017-A3 | Low |
| Internal Server Error | CWE-550; ISO27001-A.14.1.2; WASC-13 | Low |
| Laravel Debug Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Laravel Environment Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Microsoft IIS Log File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Low |
| Microsoft Outlook Personal Folders File (.pst) Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A5 | Low |
| Misconfigured Access-Control-Allow-Origin Header | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Misconfigured Frame | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2017-A6 | Low |
| Misconfigured X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Missing Content-Type Header | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Missing X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Multiple Declarations in X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Open Redirection in POST method | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10; OWASP 2017-A5 | Low |
| Out-of-date Component ({applicationName}) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Passive Mixed Content over HTTPS | CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 | Low |
| Passive Web Backdoor Detected | PCI v3.2-6.5.6; CWE-507; HIPAA-164.308(a); ISO27001-A.12.2.1; OWASP 2017-A10 | Low |
| Phishing by Navigating Browser Tabs | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| PHP allow_url_fopen Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
| PHP allow_url_include Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
| PHP display_errors Is Enabled | CWE-211; OWASP 2013-A5; OWASP 2017-A6 | Low |
| PHP open_basedir Is Not Configured | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
| phpinfo() Output Detected | CAPEC-346; CWE-213; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
| Programming Error Message | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Programming Error Message (Ruby) | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Reflected File Download | PCI v3.2-6.5.1; CAPEC-375; CWE-840; ISO27001-A.14.2.5; WASC-42; OWASP 2013-A1; OWASP 2017-A1 | Low |
| RoR Database Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| RoR Development Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.14.1.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Social Security Number Disclosure | PCI v3.2-6.5.3; CAPEC-118; CWE-213; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
| Stack Trace Disclosure (Apache MyFaces) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Stack Trace Disclosure (ASP.NET) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Stack Trace Disclosure (CakePHP Framework) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Stack Trace Disclosure (CherryPy) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Stack Trace Disclosure (Grails) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Struts2 Development Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Subresource Integrity (SRI) Hash Invalid | CWE-16; ISO27001-A.14.2.5; WASC-15 | Low |
| TRACE/TRACK Method Detected | CAPEC-107; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Unexpected Redirect Response Body (Two Responses) | CWE-698; ISO27001-A.14.2.5; WASC-25 | Low |
| User Controllable Cookie | CWE-20; ISO27001-A.14.2.5; WASC-20 | Low |
| Username Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.4; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Low |
| Username Disclosure (MySQL) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.4; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Low |
| Version Disclosure (Apache Coyote) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Apache Module) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Apache Traffic Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Apache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Artifactory DevOps Solution) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (ASP.NET MVC) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (ASP.NET) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Atlassian Confluence) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Atlassian Jira) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Atlassian Proxy) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Axway SecureTransport Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (CakePHP Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Cherokee) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (CherryPy) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Cowboy HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Daiquiri) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Django) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (FrontPage) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (GlassFish) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Grafana) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Gunicorn Python WSGI HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Hiawatha) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (IBM HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (IBM Rational Team Concert (RTC)) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (IBM Security Access Manager (WebSEAL)) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (IIS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Java Servlet) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Java) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (JBoss) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Jenkins) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Jetty) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Jolokia) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (JSP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Kong) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Liferay Digital Experience Platform) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Liferay Portal) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Lighttpd) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (mod_ssl) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Mongrel Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Next.js React Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Nexus Repository OSS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Nginx) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (NuSOAP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (OpenResty) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (OpenSSL) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Oracle) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Perl) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (PHP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (phpMyAdmin) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Phusion Passenger) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Plone CMS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Python WSGIserver) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Python) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Resin Application Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Restlet Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (RoR) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Ruby) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (RubyGems) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (SharePoint) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Squid) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Sugar CRM) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Taleo Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Telerik Web UI) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Tomcat) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Tornado) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Trac Software Project Management Tool) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Tracy Debugging Tool) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (TwistedWeb HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Undertow Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (W3 Total Cache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (WebLogic) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (WEBrick) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Werkzeug Python WSGI Library) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Version Disclosure (Zope) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
| ViewState is not Encrypted | CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 | Low |
| Windows Short Filename | PCI v3.2-6.5.8; CAPEC-87; CWE-538; HIPAA-164.306(a), 164.308(a); ISO27001-A.8.2.3; WASC-34; OWASP 2013-A7; OWASP 2017-A6 | Low |
| Windows Username Disclosure | PCI v3.2-6.5.5; CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
| WP Engine Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Content Security Policy (CSP) Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
| Insecure Transportation Security Protocol Supported (TLS 1.1) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Best Practice |
| Missing X-XSS-Protection Header | CWE-16; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-15 | Best Practice |
| Referrer-Policy Not Implemented | CWE-200; ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Best Practice |
| SameSite Cookie Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
| SameSite None Cookie Not Marked as Secure | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
| Subresource Integrity (SRI) Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
| .htaccess File Detected | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Information |
| aah Go Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| AbanteCart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Adminer Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
| Administration Page Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Ampache Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| An Unsafe Content Security Policy (CSP) Directive in Use | CWE-16; ISO27001-A.14.2.5; WASC-15 | Information |
| Apache Coyote Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Apache Module Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Apache Traffic Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Apache Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Apple’s App-Site Association (AASA) Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
| Artifactory DevOps Solution Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ASP.NET Debugging Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A6 | Information |
| ASP.NET Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ASP.NET MVC Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Atlassian Confluence Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Atlassian Jira Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Atlassian Proxy Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ATutor Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Authorization Required | ISO27001-A.9.4.1 | Information |
| Autocomplete Enabled (Password Field) | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| AWStats Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C6; OWASP 2017-A6 | Information |
| Axway SecureTransport Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| b2evolution Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Basic Authorization Required | ISO27001-A.9.4.1 | Information |
| BitNinja Captcha Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Bomgar Remote Support Software Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Caddy Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| CakePHP Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| CDN Detected (Airee) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Akamai) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Arvan Cloud) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Azure CDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (CDN77) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Fastly) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Fireblade) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Google Cloud CDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Incapsula) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (KeyCDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (MaxCDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Netlify) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (PowerCDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Qrator) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (Sucuri) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| CDN Detected (West263) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Chamilo Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Cherokee Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| CherryPy Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Claroline Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ClipBucket Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Collabtive Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Concrete5 Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Configuration File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Information |
| contao Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Coppermine Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Cowboy HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Craft CMS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Credit Card Disclosure | PCI v3.2-6.5.3; CAPEC-118; CWE-213; ISO27001-A.18.1.4; WASC-13; OWASP PC-C7; OWASP 2013-A6; OWASP 2017-A3 | Information |
| Crossdomain.xml Detected | ISO27001-A.12.5.1; OWASP PC-C6 | Information |
| Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy | CWE-200; ISO27001-A.14.1.2; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy | CWE-200; ISO27001-A.14.1.2; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy | CWE-200; ISO27001-A.14.1.2; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| CrushFTP Server Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| CubeCart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Daiquiri Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| data: Used in a Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Database Connection String Detected | CWE-16; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-15; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A3 | Information |
| Database Detected (HsqlDb) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| Database Detected (Microsoft Access) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| Database Detected (Microsoft SQL Server) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| Database Detected (MySQL) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| Database Detected (Oracle) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| Database Detected (PostgreSQL) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| DataDome Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| DbNinja Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
| Default Page Detected (Apache) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (CakePHP Framework) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 10.0) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 6) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 7) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 7.5) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 7.X) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 8) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (IIS 8.5) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| Default Page Detected (Tomcat) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
| default-src Used in Content Security Policy (CSP) | ISO27001-A.14.2.5; OWASP PC-C9 | Information |
| Denial of Service (MySQL) | CWE-400; ISO27001-A.14.1.2; WASC-10; OWASP PC-C9 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP PC-C9 | Information |
| Digest Authorization Required | ISO27001-A.9.4.1 | Information |
| Directory Listing (Apache) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (ASP.NET Server) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (IIS) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (Lighttpd) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (LiteSpeed) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (Nginx) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (Tomcat) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Directory Listing (WebDAV) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Disabled X-XSS-Protection Header | CWE-693; ISO27001-A.14.1.2; WASC-15; OWASP PC-C9 | Information |
| Django Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| DokuWiki Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Dolibarr Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Dolphin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| DotClear Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Drupal Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| e107 Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Elgg Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Email Address Disclosure | CAPEC-118; CWE-200; ISO27001-A.9.4.1; WASC-13; OWASP PC-C7 | Information |
| EspoCRM Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ExpressJS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Family Connections Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| File Upload Functionality Detected | ISO27001-A.8.1.1; OWASP PC-C4 | Information |
| FluxBB Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Forbidden Resource | ISO27001-A.8.1.1; OWASP PC-C8 | Information |
| Form Tools Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Front Accounting Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| FrontPage Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Generic Email Address Disclosure | CAPEC-118; CWE-200; ISO27001-A.18.1.4; WASC-13; OWASP PC-C7 | Information |
| GibbonEdu Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| GlassFish Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Grafana Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| GraphQL Endpoint Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Apollo) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Ariadne) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Dgraph) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Directus) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (GqlGen) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Graphene) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (GraphQL API for Wordpress) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Graphql-Go) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (graphql-java) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (graphql-php) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Hasura) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Juniper) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Ruby-graphql) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Sangria) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (Tartiflette) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| GraphQL Library Detected (WPGraphQL) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
| Gunicorn Python WSGI HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Hesk Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Hiawatha Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C1 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C10; OWASP 2017-A6 | Information |
| HubSpot Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| IBM Business Process Manager (BPM) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| IBM HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| IBM Rational Team Concert (RTC) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| IBM Security Access Manager (WebSEAL) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| IIS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Incorrect Content Security Policy (CSP) Implementation | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Insecure Protocol Detected in Content Security Policy (CSP) | CWE-319; ISO27001-A.14.2.5 | Information |
| Installation File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Intermediate Certificate is Signed Using a Weak Signature Algorithm | CAPEC-459; ISO27001-A.10; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Information |
| Internal Path Disclosure (*nix) | CAPEC-118; CWE-200; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Internal Path Disclosure (Windows) | CAPEC-118; CWE-200; HIPAA-164.306(a), 164.308(a); ISO27001-A.8.1.1; WASC-13; OWASP PC-C7 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Java Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Java Servlet Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| JBoss Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| JBoss Core Services Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| JBoss Enterprise Application Platform Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Jenkins Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Jetty Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Jolokia Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Joomla Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| JSP Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Kestrel Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Kong Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Liferay Digital Experience Platform Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Liferay Portal Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Lighthouse Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Lighttpd Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| LimeSurvey Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| LiteSpeed Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Log File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Login Page Identified | OWASP PC-C6 | Information |
| Magento Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Mashery Proxy Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| MediaWiki Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Mibew Messenger Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Mint Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C7; OWASP 2017-A6 | Information |
| Missing object-src in CSP Declaration | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP PC-C9 | Information |
| MODX Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Mongrel Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Moodle Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP PC-C9 | Information |
| MyBB Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Next.js React Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Nexus Repository OSS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Nginx Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5; OWASP PC-C9 | Information |
| NTLM Authorization Required | ISO27001-A.9.4.1; OWASP PC-C6 | Information |
| NuSOAP Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Omeka Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| OpenCart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| OpenResty Web Platform Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| OpenSearch.xml Detected | CWE-200; ISO27001-A.18.1.3; OWASP PC-C7 | Information |
| OpenSSL Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| OpenVPN Access Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| OPTIONS Method Enabled | CAPEC-107; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Oracle Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Oracle HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| osClass Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| osCommerce Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| osTicket Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Out-of-date (ASP.NET MVC) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date (FrontPage) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date (Mongrel) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date (Oracle Application Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date (Phusion Passenger) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date (SharePoint) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date (Taleo Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (AbanteCart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Ampache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (AngularJS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Apache Coyote) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Apache Traffic Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Apache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Artifactory DevOps Solution) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ASP.NET SignalR) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Atlassian Confluence) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Atlassian Jira) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Atlassian Proxy) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ATutor) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (axios) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Axway SecureTransport Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (b2evolution) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Backbone.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (bluebird) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Bootbox.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Bootstrap 3 Date/Time Picker) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Bootstrap Toggle) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Bootstrap) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (CakePHP Framework) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Chamilo) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Chart.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Cherokee) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (CherryPy) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (CKEditor) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Claroline) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ClipBucket) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Collabtive) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Concerte5) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (contao) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Coppermine) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Cowboy HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (CubeCart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (D3.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Daiquiri) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (DataTables) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Django) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (DokuWiki) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Dolibarr) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Dolphin) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (DOMPurify) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (DotClear) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Drupal) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (DWR) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (e107) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (easyXDM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ef.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Elgg) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Ember.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (EspoCRM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Ext JS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Fabric.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Family Connections) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (FancyBox) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Fingerprintjs2) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Flickity) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (FluxBB) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (FooTable) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Form Tools) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Foundation) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Front Accounting) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Fuel UX) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (GibbonEdu) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (GlassFish) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Google Charts) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Grafana) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (GSAP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Gunicorn Python WSGI HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Hammer.JS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Handlebars.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Hesk) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Hiawatha) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Highcharts) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (HTML5 Shiv) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (IBM HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (IBM Rational Team Concert (RTC)) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (IBM Security Access Manager (WebSEAL)) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (IIS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ImagePicker) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Inferno) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Intro.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Ion.RangeSlider) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Java) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (JavaScript Cookie) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (JBoss) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Jenkins) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Jetty Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Jolokia) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Joomla) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jPlayer) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery Mask) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery Migrate) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery Mobile) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery UI Autocomplete) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery UI Dialog) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery UI Tooltip) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery Validation) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jQuery) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (JSP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (jsTree) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Knockout Mapping) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Knockout) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Kong) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Lazy.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Leaflet) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Liferay Digital Experience Platform) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Liferay Portal) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Lightbox) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Lighttpd) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (LimeSurvey) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (List.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Lodash) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Magento) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Marionette.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Math.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (MathJax) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (MediaWiki) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Mibew Messenger) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Mithril) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Modernizr) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (MODX) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Moment.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Moodle) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (mustache.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (MyBB) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Next.js React Framework) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Nexus Repository OSS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Nginx) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (NuSOAP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Omeka) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (OpenCart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (OpenResty) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (OpenSSL) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (osClass) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (osCommerce) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (osTicket) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ownCloud) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (pdf.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Perl) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (pH7CMS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Phaser) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Php Address Book) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (PHP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (phpBB) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (PhpFusion) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (phpList) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (PhpMyFAQ) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Piwigo) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Pixi.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Plone CMS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Plupload) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (PmWiki) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Podcast Generator) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Polymer) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (PrestaShop) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (prettyPhoto) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ProjectSend) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Prototype JS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Python WSGIserver) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Python) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (qdPM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Question2Answer) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Ramda) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (React) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (RequireJS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Resin Application Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Respond.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Restlet Framework) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Reveal.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Revive Adserver) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Rickshaw) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Riot.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (RoR) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Roundcube) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Ruby) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (RubyGems) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Rukovoditel) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ScrollReveal) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Select2) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Semantic UI) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (SeoPanel) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Serendipity) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (slick) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Snap.svg) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Sortable) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Squid) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (SugarCRM) | CWE-1035, 937; ISO27001-A.18.1.3; WASC-13 | Information |
| Out-of-date Version (SweetAlert2) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (TCExam) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Telerik Web UI) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Three.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Tomcat) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Tornado Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Trac Software Project Management Tool) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Tracy Debugging Tool) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (TwistedWeb HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (typeahead.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Typo3) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Underscore.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Undertow Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Vanilla Forums) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Video.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Vue.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (W3 Total Cache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (webERP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (WeBid) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (WebLogic) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Werkzeug Python WSGI Library) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (WordPress) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (XOOPS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (XRegExp) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (YetiForce CRM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (YOURLS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (YUI) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Zen Cart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (ZenPhoto) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Zepto.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Zikula) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| Out-of-date Version (Zope) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
| ownCloud Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Pardot Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Perl Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| pH7CMS Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Php Address Book Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| PHP Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| phpBB Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| PhpFusion Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| phpList Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| phpLiteAdmin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
| phpMoAdmin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
| phpMyAdmin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
| PhpMyFAQ Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Phusion Passenger Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Piwigo Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Piwik Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C7; OWASP 2017-A6 | Information |
| Play Web Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Plesk (Linux) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Plesk (Windows) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Plone CMS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| PmWiki Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Podcast Generator Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| PrestaShop Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Private Burp Collaborator Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ProjectSend Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Python Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Python WSGIserver Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| qdPM Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Question2Answer Detected | CWE-205; ISO27001-A.14.2.5; OWASP PC-C7; OWASP 2017-A6 | Information |
| Readme/Help File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C7; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Referrer-Policy Needs Proper Fallback | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| Resin Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Restlet Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Reverse Proxy Detected (Apache Traffic Server) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Reverse Proxy Detected (Citrix Netscaler) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Reverse Proxy Detected (Envoy) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Reverse Proxy Detected (F5 BIG-IP) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Reverse Proxy Detected (HAProxy) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Reverse Proxy Detected (Skipper) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
| Revive Adserver Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Robots.txt Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
| Roundcube Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Ruby on Rails Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| RubyGems Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Rukovoditel Detected | CWE-205; ISO27001-A.14.2.5; OWASP PC-C7; OWASP 2017-A6 | Information |
| Scheme URI Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Security.txt Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
| SeoPanel Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Serendipity Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| SharePoint Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Shell Script Detected | CWE-200; ISO27001-A.8.1.1; WASC-13; OWASP PC-C6 | Information |
| Shopify Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Silverlight Client Access Policy Detected | ISO27001-None; OWASP PC-C6 | Information |
| Sitemap Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
| SonicWall SSL-VPN Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| SQL File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C7; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Squarespace Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Squid Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Static Nonce Identified in Content Security Policy (CSP) | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Sugar CRM Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| swagger.json Detected | ISO27001-A.8.1.1; OWASP PC-C7 | Information |
| Tableau Server Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Taleo Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| TCExam Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Telerik Web UI Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Test File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C7; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Tomcat Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Tornado Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Trac Software Project Management Tool Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Tracy Debugging Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Travis CI Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| TS Web Access Identified | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
| TwistedWeb HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Typo3 Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| UNC Server and Share Disclosure | CWE-16; ISO27001-A.18.1.3; WASC-15; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Undertow Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Unexpected Redirect Response Body (Too Large) | CWE-698; ISO27001-A.14.2.5; WASC-40; OWASP PC-C6 | Information |
| Unknown Option Used In Referrer-Policy | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
| Unsupported Hash Detected in Content Security Policy (CSP) | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Vanilla Forums Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Varnish HTTP Cache Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Vegur Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| W3 Total Cache Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | CWE-330; ISO27001-A.14.2.5; WASC-16; OWASP 2013-A5; OWASP 2017-A6 | Information |
| Web Application Firewall Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
| Web.config File Detected | CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
| Webalizer Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C6; OWASP 2017-A6 | Information |
| WebDAV Enabled | CWE-16; ISO27001-A.9.4.4; WASC-15; OWASP PC-C6 | Information |
| webERP Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| WeBid Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| WebLogic Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Werkzeug Python WSGI Library Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Whoops Error Handler Framework Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| WildFly Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Windows Azure Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| WordPress Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| WS_FTP Log File Detected | CAPEC-118; CWE-538; ISO27001-A.9.4.1; WASC-13; OWASP PC-C6 | Information |
| XOOPS Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| YetiForce CRM Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| YOURLS Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Zen Cart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| ZenPhoto Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Zikula Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
| Zope Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
