This page lists all vulnerabilities that can be detected by Invicti.

Vulnerability Name | Classifications | Severity |
---|---|---|
Bash Command Injection Vulnerability (Shellshock Bug) | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A9 | Critical |
Blind Command Injection | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Blind SQL Injection | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Boolean Based SQL Injection | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts S02-53) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-016 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-045 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-046 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (ASP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Node.js) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Perl) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (PHP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (PHP) - IAST | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Python) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (RoR - JSON) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (RoR) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Ruby) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation via Local File Inclusion (PHP) | PCI v3.2-6.5.1; CAPEC-251; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via File Upload | PCI v3.2-6.5.1; CAPEC-210; CWE-94; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-42; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via Local File Inclusion | PCI v3.2-6.5.1; CAPEC-170; CWE-94; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (ASP.NET Razor) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Java FreeMarker) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Java Pebble) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Java Velocity) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (JinJava) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Node.js Dot) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Node.js EJS) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Node.js Marko) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Node.js Nunjucks) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Node.js Pug (Jade)) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (PHP Smarty) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (PHP Twig) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Python Jinja) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Python Mako) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Python Tornado) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Ruby ERB) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via SSTI (Ruby Slim) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via WebDAV | PCI v3.2-6.5.8; CAPEC-17; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-17; OWASP 2017-A6 | Critical |
Command Injection | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Command Injection (IAST) | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Drupal Core - Remote Code Execution (CVE-2019-6340) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Malware Identified | CWE-506 | Critical |
OpenSSL Heartbleed | PCI v3.2-6.5.2; CAPEC-216; CWE-119; ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A9 | Critical |
Oracle WebLogic Remote Code Execution (CVE-2020-14882) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Apache Struts 2) | PCI v3.2-6.5.1; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Apache Struts 2) S2-053 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (ASP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Log4j) | PCI v3.2-6.5.1; CAPEC-23; CWE-502; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Node.js) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Perl) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (PHP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Python) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (RoR - JSON) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (RoR) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Ruby) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Java FreeMarker) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Java Velocity) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Node.js Dot) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Node.js EJS) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Node.js Marko) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Node.js Nunjucks) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Node.js Pug (Jade)) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (PHP Smarty) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (PHP Twig) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Python Jinja) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Python Mako) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Execution via SSTI (Python Tornado) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Command Injection | PCI v3.2-6.5.1; CAPEC-88; CWE-78; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-31; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Remote File Inclusion | PCI v3.2-6.5.1; CAPEC-193; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band SQL Injection | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Remote Code Execution (Spring4Shell) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2017-A1 | Critical |
Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.2-6.5.1; CAPEC-340; CWE-20; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-7; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Remote File Inclusion | PCI v3.2-6.5.1; CAPEC-193; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Request Forgery (Oracle Cloud) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Critical |
Server-Side Request Forgery (Packet Cloud) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Critical |
Server-Side Request Forgery (trace.axd) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Critical |
Server-Side Template Injection | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (ASP.NET Razor) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (Java FreeMarker) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (Java Pebble) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (Java Velocity) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (JinJava) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (Node.js Dot) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (Node.js EJS) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Template Injection (Ruby ERB) | PCI v3.2-6.5.1; CWE-74; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
SQL Injection (IAST) | PCI v3.2-6.5.1; CAPEC-66; CWE-89; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-19; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Web Backdoor Detected | PCI v3.2-6.5.6; CAPEC-443; CWE-507; HIPAA-164.308(a); ISO27001-A.12.2.1; OWASP 2017-A10 | Critical |
Web Cache Deception | PCI v3.2-2.2.3; CAPEC-CAPEC; ISO27001-A.14.1.3; WASC-6; OWASP 2013-A5; OWASP 2017-A6 | Critical |
Arbitrary File Creation Detected | CWE-20; OWASP 2017-A5 | High |
Arbitrary File Deletion Detected | CWE-20; OWASP 2017-A5 | High |
ASP.NET Tracing Is Enabled | CWE-11; OWASP 2013-A5; OWASP 2017-A6 | High |
Backup Source Code Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | High |
Basic Authorization over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
Blind Cross-site Scripting | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
Certificate is Signed Using a Weak Signature Algorithm | PCI v3.2-6.5.4; CAPEC-459; ISO27001-A.10; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
Cross-site Scripting | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
Cross-site Scripting (DOM based) | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
Cross-site Scripting via File Upload | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
Cross-site Scripting via Remote File Inclusion | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
Database User Has Admin Privileges | PCI v3.2-6.5.6; CWE-267; ISO27001-A.9.2.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | High |
Elmah.axd / Errorlog.axd Detected | PCI v3.2-6.5.6; CAPEC-347; CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
Expression Language Injection | PCI v3.2-6.5.1; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | High |
F5 Big-IP Local File Inclusion (CVE-2020-5902) | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
Insecure Transportation Security Protocol Supported (SSLv2) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
JWT Forgery via Chaining Jku Parameter with Open Redirect | CWE-347; OWASP 2017-A2 | High |
JWT Forgery via Path Traversal | CWE-22; OWASP 2017-A1 | High |
JWT Forgery via SQL Injection | CWE-89; OWASP 2017-A1 | High |
JWT Forgery via unvalidated jku parameter | CWE-22; OWASP 2017-A1 | High |
JWT Signature Bypass via None Algorithm | CWE-347; OWASP 2017-A2 | High |
JWT Signature is not Verified | CWE-347; OWASP 2017-A2 | High |
Local File Inclusion | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
Local File Inclusion (IAST) | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
Oracle WebLogic Authentication Bypass (CVE-2020-14883) | CWE-288; OWASP 2013-A2; OWASP 2017-A2 | High |
Out of Band XML External Entity Injection | PCI v3.2-6.5.1; CAPEC-376; CWE-611; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-43; OWASP 2013-A1; OWASP 2017-A4 | High |
Out-of-date Version (Microsoft SQL Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
Out-of-date Version (MySQL) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
Out-of-date Version (Oracle) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
Out-of-date Version (PostgreSQL) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
Password Transmitted over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
ROBOT Attack Detected (Strong Oracle) | PCI v3.2-6.5.4; CAPEC-217; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
ROBOT Attack Detected (Weak Oracle) | PCI v3.2-6.5.4; CAPEC-217; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
Ruby on Rails File Content Disclosure (CVE-2019-5418) | PCI v3.2-6.5.8; CAPEC-252; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
Server-Side Request Forgery (Apache Server Status) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
Server-Side Request Forgery (AWS) | CWE-918; ISO27001-A.14.2.5; OWASP 2017-A5 | High |
Server-Side Request Forgery (elmah MVC) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
Server-Side Request Forgery (elmah) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
Server-Side Request Forgery (MySQL) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
Server-Side Request Forgery (SSH) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
Session Cookie Not Marked as Secure | PCI v3.2-6.5.10; CAPEC-102; CWE-614; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | High |
SVN Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.1; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | High |
Trace.axd Detected | PCI v3.2-6.5.6; CAPEC-347; CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
Unrestricted File Upload | PCI v3.2-6.5.1; CWE-434; ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | High |
Weak Basic Authentication Credentials | PCI v3.2-6.5.10; CAPEC-16; CWE-521; ISO27001-A.9.4.3; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | High |
Weak Secret is Used to Sign JWT | CWE-347; OWASP 2017-A2 | High |
WebDAV Directory Has Write Permissions | PCI v3.2-6.5.8; CWE-732; ISO27001-A.9.4.1; WASC-17; OWASP 2017-A6 | High |
XML External Entity Injection | PCI v3.2-6.5.1; CAPEC-376; CWE-611; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-43; OWASP 2013-A1; OWASP 2017-A4 | High |
Active Mixed Content over HTTPS | CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Anonymous Ciphers Supported | PCI v3.2-6.5.4; CAPEC-117; CWE-311; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Apache Server-Info Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Apache Server-Status Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET Cookieless Authentication Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET Cookieless Session State Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET CustomErrors Is Disabled | CWE-16; OWASP 2013-A6; OWASP 2017-A3 | Medium |
ASP.NET Login Credentials Stored In Plain Text | CWE-312; OWASP 2013-A6; OWASP 2017-A3 | Medium |
ASP.NET ValidateRequest Is Globally Disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET: Failure To Require SSL For Authentication Cookies | CWE-16; OWASP 2017-A6 | Medium |
Axis Development Mode Enabled in WEB-INF/server-config.wsdd | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Axis system configuration listing enabled in WEB-INF/server-config.wsdd | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Base Tag Hijacking | PCI v3.2-6.5.7; CAPEC-19; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | Medium |
BREACH Attack Detected | CWE-310; OWASP 2013-A9; OWASP 2017-A9 | Medium |
Critical Form Send to HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Critical Form Served over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Custom Error Pages Are Not Configured in WEB-INF/web.xml | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
CVS Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Expired SSL Certificate | CWE-295; OWASP 2017-A3 | Medium |
Express Development Mode Is Enabled | CWE-200; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Express express-session Weak Secret Key Detected | CWE-200; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Frame Injection | PCI v3.2-6.5.1; CWE-601; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-38; OWASP 2013-A1; OWASP 2017-A1 | Medium |
GIT Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Medium |
HTTP Header Injection | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
HTTP Header Injection (IAST) | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
HTTP Strict Transport Security (HSTS) Errors and Warnings | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217; CWE-523; ISO27001-A.14.1.2; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Insecure HTTP Usage | ISO27001-A.14.1.3; WASC-4; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Insecure Transportation Security Protocol Supported (SSLv3) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Invalid SSL Certificate | PCI v3.2-6.5.4; CAPEC-459; CWE-295; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Java Verb Tampering Via Misconfigured Security Constraint | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Microsoft Access Database File Detected | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
Node.js Web Application does not handle uncaughtException | CWE-248; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Node.js Web Application does not handle unhandledRejection | CWE-248; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Open Policy Crossdomain.xml Detected | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Open Redirection | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 | Medium |
Open Redirection (DOM based) | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 | Medium |
Open Silverlight Client Access Policy | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Overly Long Session Timeout | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Password Transmitted over Query String | PCI v3.2-6.5.4; CWE-598; ISO27001-A.14.2.5; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Medium |
PHP enable_dl Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
PHP register_globals Is Enabled | CWE-473; OWASP 2013-A5; OWASP 2017-A6 | Medium |
PHP session.use_only_cookies Is Disabled | CWE-598; OWASP 2013-A5; OWASP 2017-A6 | Medium |
PHP session.use_trans_sid Is Enabled | CWE-598; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Revoked SSL Certificate | CWE-295; OWASP 2017-A3 | Medium |
RSA Private Key Detected | CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Server-Side Request Forgery | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
Server-Side Request Forgery (Time Based) | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
Source Code Disclosure (ASP.NET) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (ColdFusion) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Generic) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Java Servlet) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Java) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (JSP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Perl) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (PHP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Python) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Ruby) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Tomcat) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Spring Boot Misconfiguration: Actuator endpoint security disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: Admin MBean enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: Datasource credentials stored in the properties file | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: Developer tools enabled on production | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: H2 console enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: Overly long session timeout | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Boot Misconfiguration: Unsafe value for session tracking | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Spring Misconfiguration: HTML Escaping disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
SQLite Database File Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
SSL Certificate Is About To Expire | CWE-295; OWASP 2017-A3 | Medium |
SSL Certificate Name Hostname Mismatch | CWE-295; OWASP 2017-A3 | Medium |
SSL Untrusted Root Certificate | CWE-295; OWASP 2017-A3 | Medium |
SSL/TLS Not Implemented | PCI v3.2-6.5.4; CAPEC-217; CWE-311; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Stack Trace Disclosure (ColdFusion) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Django) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Java) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Laravel) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Python) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (RoR) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Struts 2 Config Browser plugin enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Struts 2 Development Mode Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Sublime SFTP Config File Detected | CWE-16; ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Unicode Transformation (Best-Fit Mapping) | CWE-20 | Medium |
Unsafe value for session tracking in WEB-INF/web.xml | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ViewState MAC Disabled | CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 | Medium |
Weak Ciphers Enabled | PCI v3.2-6.5.4; CAPEC-217; CWE-327; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
WordPress Setup Configuration File | PCI v3.2-6.5.8; CAPEC-212; CWE-665; HIPAA-164.312(a)(1); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ZSH History File Detected | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
.DS_Store File Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A5 | Low |
Apache Multiple Choices Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Apache MultiViews Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
ASP.NET ViewStateUserKey Is Not Set | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
Autocomplete is Enabled | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Backup File Disclosure | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Low |
Cookie Not Marked as HttpOnly | CAPEC-107; CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Cookie Not Marked as Secure | PCI v3.2-6.5.10; CAPEC-102; CWE-614; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | Low |
Cookie Values Used in Anti-CSRF Token | CWE-352; HIPAA-164.306(a); ISO27001-A.14.1.2; OWASP 2013-A5; OWASP 2017-A6 | Low |
Cross-site Request Forgery | PCI v3.2-6.5.9; CAPEC-62; CWE-352; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-9; OWASP 2013-A8; OWASP 2017-A5 | Low |
Cross-site Request Forgery in Login Form | PCI v3.2-6.5.9; CAPEC-62; CWE-352; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-9; OWASP 2013-A8; OWASP 2017-A5 | Low |
Database Error Message Disclosure | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Database Name Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Database Name Disclosure (MySQL) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Django Debug Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Exception Report Disclosure (Tomcat) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Form Hijacking | CWE-20; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Low |
Information Disclosure (Microsoft Office) | PCI v3.2-6.5.5; CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13 | Low |
Insecure Frame (External) | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2017-A6 | Low |
Insecure JSONP Endpoint | CWE-20; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A1 | Low |
Insecure Reflected Content | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A1 | Low |
Insecure Transportation Security Protocol Supported (TLS 1.0) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Low |
Internal IP Address Disclosure | CWE-200; ISO27001-A.18.1.4; OWASP 2013-A6; OWASP 2017-A3 | Low |
Internal Server Error | CWE-550; ISO27001-A.14.1.2; WASC-13 | Low |
Laravel Debug Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Laravel Environment Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Microsoft IIS Log File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Low |
Microsoft Outlook Personal Folders File (.pst) Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A5 | Low |
Misconfigured Access-Control-Allow-Origin Header | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Misconfigured Frame | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2017-A6 | Low |
Misconfigured X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
Missing Content-Type Header | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Missing X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
Multiple Declarations in X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
Open Redirection in POST method | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10; OWASP 2017-A5 | Low |
Out-of-date Component ({applicationName}) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Passive Mixed Content over HTTPS | CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 | Low |
Passive Web Backdoor Detected | PCI v3.2-6.5.6; CWE-507; HIPAA-164.308(a); ISO27001-A.12.2.1; OWASP 2017-A10 | Low |
Phishing by Navigating Browser Tabs | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP allow_url_fopen Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP allow_url_include Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP display_errors Is Enabled | CWE-211; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP open_basedir Is Not Configured | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
phpinfo() Output Detected | CAPEC-346; CWE-213; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
Programming Error Message | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Programming Error Message (Ruby) | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Reflected File Download | PCI v3.2-6.5.1; CAPEC-375; CWE-840; ISO27001-A.14.2.5; WASC-42; OWASP 2013-A1; OWASP 2017-A1 | Low |
RoR Database Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
RoR Development Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.14.1.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Social Security Number Disclosure | PCI v3.2-6.5.3; CAPEC-118; CWE-213; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
Stack Trace Disclosure (Apache MyFaces) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (ASP.NET) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (CakePHP Framework) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (CherryPy) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (Grails) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Struts2 Development Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Subresource Integrity (SRI) Hash Invalid | CWE-16; ISO27001-A.14.2.5; WASC-15 | Low |
TRACE/TRACK Method Detected | CAPEC-107; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Unexpected Redirect Response Body (Two Responses) | CWE-698; ISO27001-A.14.2.5; WASC-25 | Low |
User Controllable Cookie | CWE-20; ISO27001-A.14.2.5; WASC-20 | Low |
Username Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.4; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Low |
Username Disclosure (MySQL) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.4; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Low |
Version Disclosure (Apache Coyote) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache Module) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache Traffic Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Artifactory DevOps Solution) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (ASP.NET MVC) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (ASP.NET) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Atlassian Confluence) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Atlassian Jira) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Atlassian Proxy) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Axway SecureTransport Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (CakePHP Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Cherokee) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (CherryPy) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Cowboy HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Daiquiri) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Django) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (FrontPage) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (GlassFish) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Grafana) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Gunicorn Python WSGI HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Hiawatha) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IBM HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IBM Rational Team Concert (RTC)) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IBM Security Access Manager (WebSEAL)) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IIS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Java Servlet) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Java) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (JBoss) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Jenkins) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Jetty) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Jolokia) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (JSP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Kong) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Liferay Digital Experience Platform) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Liferay Portal) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Lighttpd) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (mod_ssl) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Mongrel Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Next.js React Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Nexus Repository OSS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Nginx) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (NuSOAP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (OpenResty) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (OpenSSL) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Oracle) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Perl) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (PHP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (phpMyAdmin) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Phusion Passenger) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Plone CMS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Python WSGIserver) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Python) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Resin Application Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Restlet Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (RoR) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Ruby) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (RubyGems) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (SharePoint) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Squid) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Sugar CRM) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Taleo Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Telerik Web UI) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Tomcat) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Tornado) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Trac Software Project Management Tool) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Tracy Debugging Tool) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (TwistedWeb HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Undertow Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (W3 Total Cache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (WebLogic) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (WEBrick) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Werkzeug Python WSGI Library) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Zope) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
ViewState is not Encrypted | CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 | Low |
Windows Short Filename | PCI v3.2-6.5.8; CAPEC-87; CWE-538; HIPAA-164.306(a), 164.308(a); ISO27001-A.8.2.3; WASC-34; OWASP 2013-A7; OWASP 2017-A6 | Low |
Windows Username Disclosure | PCI v3.2-6.5.5; CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
WP Engine Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Content Security Policy (CSP) Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
Insecure Transportation Security Protocol Supported (TLS 1.1) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Best Practice |
Missing X-XSS-Protection Header | CWE-16; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-15 | Best Practice |
Referrer-Policy Not Implemented | CWE-200; ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Best Practice |
SameSite Cookie Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
SameSite None Cookie Not Marked as Secure | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
Subresource Integrity (SRI) Not Implemented | CWE-16; ISO27001-A.14.2.5; WASC-15 | Best Practice |
.htaccess File Detected | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Information |
aah Go Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
AbanteCart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Adminer Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
Administration Page Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
Ampache Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
An Unsafe Content Security Policy (CSP) Directive in Use | CWE-16; ISO27001-A.14.2.5; WASC-15 | Information |
Apache Coyote Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Apache Module Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Apache Traffic Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Apache Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Apple’s App-Site Association (AASA) Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
Artifactory DevOps Solution Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ASP.NET Debugging Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A6 | Information |
ASP.NET Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ASP.NET MVC Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Atlassian Confluence Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Atlassian Jira Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Atlassian Proxy Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ATutor Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Authorization Required | ISO27001-A.9.4.1 | Information |
Autocomplete Enabled (Password Field) | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
AWStats Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C6; OWASP 2017-A6 | Information |
Axway SecureTransport Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
b2evolution Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Basic Authorization Required | ISO27001-A.9.4.1 | Information |
BitNinja Captcha Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Bomgar Remote Support Software Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Caddy Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
CakePHP Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
CDN Detected (Airee) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Akamai) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Arvan Cloud) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Azure CDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (CDN77) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Fastly) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Fireblade) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Google Cloud CDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Incapsula) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (KeyCDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (MaxCDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Netlify) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (PowerCDN) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Qrator) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (Sucuri) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
CDN Detected (West263) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Chamilo Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Cherokee Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
CherryPy Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Claroline Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ClipBucket Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Collabtive Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Concrete5 Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Configuration File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Information |
Contao Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Content Security Policy (CSP) Contains Out of Scope report-uri Domain | ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Information |
Content Security Policy (CSP) Keywords Not Used Within Single Quotes | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Content Security Policy (CSP) Nonce Without Matching Script Block | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Content Security Policy (CSP) report-uri Uses HTTP | ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Information |
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Coppermine Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Cowboy HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Craft CMS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Credit Card Disclosure | PCI v3.2-6.5.3; CAPEC-118; CWE-213; ISO27001-A.18.1.4; WASC-13; OWASP PC-C7; OWASP 2013-A6; OWASP 2017-A3 | Information |
Crossdomain.xml Detected | ISO27001-A.12.5.1; OWASP PC-C6 | Information |
Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy | CWE-200; ISO27001-A.14.1.2; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy | CWE-200; ISO27001-A.14.1.2; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy | CWE-200; ISO27001-A.14.1.2; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
CrushFTP Server Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
CubeCart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Daiquiri Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
data: Used in a Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
Database Connection String Detected | CWE-16; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-15; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A3 | Information |
Database Detected (HsqlDb) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
Database Detected (Microsoft Access) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
Database Detected (Microsoft SQL Server) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
Database Detected (MySQL) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
Database Detected (Oracle) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
Database Detected (PostgreSQL) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
DataDome Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
DbNinja Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
Default Page Detected (Apache) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (CakePHP Framework) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 10.0) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 6) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 7) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 7.5) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 7.X) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 8) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (IIS 8.5) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Default Page Detected (Tomcat) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
default-src Used in Content Security Policy (CSP) | ISO27001-A.14.2.5; OWASP PC-C9 | Information |
Denial of Service (MySQL) | CWE-400; ISO27001-A.14.1.2; WASC-10; OWASP PC-C9 | Information |
Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP PC-C9 | Information |
Digest Authorization Required | ISO27001-A.9.4.1 | Information |
Directory Listing (Apache) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (ASP.NET Server) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (IIS) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (Lighttpd) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (LiteSpeed) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (Nginx) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (Tomcat) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Directory Listing (WebDAV) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Disabled X-XSS-Protection Header | CWE-693; ISO27001-A.14.1.2; WASC-15; OWASP PC-C9 | Information |
Django Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
DokuWiki Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Dolibarr Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Dolphin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
DotClear Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Drupal Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
e107 Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Elgg Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Email Address Disclosure | CAPEC-118; CWE-200; ISO27001-A.9.4.1; WASC-13; OWASP PC-C7 | Information |
EspoCRM Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ExpressJS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Family Connections Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
File Upload Functionality Detected | ISO27001-A.8.1.1; OWASP PC-C4 | Information |
FluxBB Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Forbidden Resource | ISO27001-A.8.1.1; OWASP PC-C8 | Information |
Form Tools Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Front Accounting Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
FrontPage Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Generic Email Address Disclosure | CAPEC-118; CWE-200; ISO27001-A.18.1.4; WASC-13; OWASP PC-C7 | Information |
GibbonEdu Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
GlassFish Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Grafana Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
GraphQL Endpoint Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Apollo) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Ariadne) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Dgraph) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Directus) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (GqlGen) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Graphene) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (GraphQL API for WordPress) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Graphql-Go) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (graphql-java) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (graphql-php) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Hasura) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Juniper) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Ruby-graphql) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Sangria) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (Tartiflette) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
GraphQL Library Detected (WPGraphQL) | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP 2017-A6 | Information |
Gunicorn Python WSGI HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Hesk Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Hiawatha Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C1 | Information |
HTTP Strict Transport Security (HSTS) via HTTP | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C10; OWASP 2017-A6 | Information |
HubSpot Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
IBM Business Process Manager (BPM) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
IBM HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
IBM Rational Team Concert (RTC) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
IBM Security Access Manager (WebSEAL) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
IIS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Incorrect Content Security Policy (CSP) Implementation | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Insecure Protocol Detected in Content Security Policy (CSP) | CWE-319; ISO27001-A.14.2.5 | Information |
Installation File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Information |
Intermediate Certificate is Signed Using a Weak Signature Algorithm | CAPEC-459; ISO27001-A.10; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Information |
Internal Path Disclosure (*nix) | CAPEC-118; CWE-200; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Internal Path Disclosure (Windows) | CAPEC-118; CWE-200; HIPAA-164.306(a), 164.308(a); ISO27001-A.8.1.1; WASC-13; OWASP PC-C7 | Information |
Invalid Content Security Policy (CSP) Directive Identified in meta Elements | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Java Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Java Servlet Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
JBoss Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
JBoss Core Services Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
JBoss Enterprise Application Platform Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Jenkins Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Jetty Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Jolokia Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Joomla Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
JSP Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Kestrel Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Kong Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Liferay Digital Experience Platform Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Liferay Portal Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Lighthouse Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Lighttpd Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
LimeSurvey Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
LiteSpeed Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Log File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
Login Page Identified | OWASP PC-C6 | Information |
Magento Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Mashery Proxy Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
MediaWiki Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Mibew Messenger Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Mint Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C7; OWASP 2017-A6 | Information |
Missing object-src in CSP Declaration | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP PC-C9 | Information |
MODX Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Mongrel Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Moodle Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Multiple Content Security Policy (CSP) Implementation Detected | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP PC-C9 | Information |
MyBB Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Next.js React Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Nexus Repository OSS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Nginx Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Information |
Nonce Usage Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5; OWASP PC-C9 | Information |
NTLM Authorization Required | ISO27001-A.9.4.1; OWASP PC-C6 | Information |
NuSOAP Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Omeka Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
OpenCart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
OpenResty Web Platform Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
OpenSearch.xml Detected | CWE-200; ISO27001-A.18.1.3; OWASP PC-C7 | Information |
OpenSSL Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
OpenVPN Access Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
OPTIONS Method Enabled | CAPEC-107; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Information |
Oracle Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Oracle HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
osClass Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
osCommerce Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
osTicket Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Out-of-date (ASP.NET MVC) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date (FrontPage) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date (Mongrel) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date (Oracle Application Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date (Phusion Passenger) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date (SharePoint) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date (Taleo Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (AbanteCart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Ampache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (AngularJS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Apache Coyote) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Apache Traffic Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Apache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Artifactory DevOps Solution) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ASP.NET SignalR) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Atlassian Confluence) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Atlassian Jira) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Atlassian Proxy) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ATutor) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (axios) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Axway SecureTransport Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (b2evolution) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Backbone.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (bluebird) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Bootbox.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Bootstrap 3 Date/Time Picker) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Bootstrap Toggle) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Bootstrap) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (CakePHP Framework) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Chamilo) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Chart.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Cherokee) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (CherryPy) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (CKEditor) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Claroline) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ClipBucket) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Collabtive) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Concrete5) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (contao) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Coppermine) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Cowboy HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (CubeCart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (D3.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Daiquiri) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (DataTables) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Django) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (DokuWiki) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Dolibarr) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Dolphin) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (DOMPurify) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (DotClear) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Drupal) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (DWR) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (e107) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (easyXDM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ef.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Elgg) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Ember.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (EspoCRM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Ext JS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Fabric.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Family Connections) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (FancyBox) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Fingerprintjs2) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Flickity) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (FluxBB) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (FooTable) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Form Tools) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Foundation) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Front Accounting) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Fuel UX) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (GibbonEdu) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (GlassFish) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Google Charts) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Grafana) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (GSAP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Gunicorn Python WSGI HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Hammer.JS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Handlebars.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Hesk) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Hiawatha) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Highcharts) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (HTML5 Shiv) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (IBM HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (IBM Rational Team Concert (RTC)) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (IBM Security Access Manager (WebSEAL)) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (IIS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ImagePicker) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Inferno) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Intro.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Ion.RangeSlider) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Java) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (JavaScript Cookie) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (JBoss) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Jenkins) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Jetty Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Jolokia) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Joomla) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jPlayer) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery Mask) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery Migrate) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery Mobile) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery UI Autocomplete) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery UI Dialog) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery UI Tooltip) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery Validation) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jQuery) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (JSP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (jsTree) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Knockout Mapping) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Knockout) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Kong) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Lazy.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Leaflet) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Liferay Digital Experience Platform) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Liferay Portal) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Lightbox) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Lighttpd) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (LimeSurvey) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (List.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Lodash) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Magento) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Marionette.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Math.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (MathJax) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (MediaWiki) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Mibew Messenger) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Mithril) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Modernizr) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (MODX) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Moment.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Moodle) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (mustache.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (MyBB) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Next.js React Framework) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Nexus Repository OSS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Nginx) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (NuSOAP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Omeka) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (OpenCart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (OpenResty) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (OpenSSL) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (osClass) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (osCommerce) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (osTicket) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ownCloud) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (pdf.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Perl) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (pH7CMS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Phaser) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Php Address Book) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (PHP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (phpBB) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (PhpFusion) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (phpList) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (PhpMyFAQ) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Piwigo) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Pixi.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Plone CMS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Plupload) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (PmWiki) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Podcast Generator) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Polymer) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (PrestaShop) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (prettyPhoto) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ProjectSend) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Prototype JS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Python WSGIserver) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Python) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (qdPM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Question2Answer) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Ramda) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (React) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (RequireJS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Resin Application Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Respond.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Restlet Framework) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Reveal.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Revive Adserver) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Rickshaw) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Riot.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (RoR) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Roundcube) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Ruby) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (RubyGems) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Rukovoditel) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ScrollReveal) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Select2) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Semantic UI) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (SeoPanel) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Serendipity) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (slick) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Snap.svg) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Sortable) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Squid) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (SugarCRM) | CWE-1035, 937; ISO27001-A.18.1.3; WASC-13 | Information |
Out-of-date Version (SweetAlert2) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (TCExam) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Telerik Web UI) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Three.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Tomcat) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Tornado Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Trac Software Project Management Tool) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Tracy Debugging Tool) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (TwistedWeb HTTP Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (typeahead.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Typo3) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; WASC-13; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Underscore.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Undertow Web Server) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Vanilla Forums) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Video.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Vue.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (W3 Total Cache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (webERP) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (WeBid) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (WebLogic) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Werkzeug Python WSGI Library) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (WordPress) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (XOOPS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (XRegExp) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (YetiForce CRM) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (YOURLS) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (YUI) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Zen Cart) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (ZenPhoto) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Zepto.js) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Zikula) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
Out-of-date Version (Zope) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |
ownCloud Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Pardot Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Perl Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
pH7CMS Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Php Address Book Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
PHP Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
phpBB Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
PhpFusion Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
phpList Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
phpLiteAdmin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
phpMoAdmin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
phpMyAdmin Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C6; OWASP 2017-A6 | Information |
PhpMyFAQ Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Phusion Passenger Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Piwigo Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Piwik Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C7; OWASP 2017-A6 | Information |
Play Web Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Plesk (Linux) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Plesk (Windows) Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Plone CMS Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
PmWiki Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Podcast Generator Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
PrestaShop Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Private Burp Collaborator Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ProjectSend Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Python Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Python WSGIserver Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
qdPM Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Question2Answer Detected | CWE-205; ISO27001-A.14.2.5; OWASP PC-C7; OWASP 2017-A6 | Information |
Readme/Help File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C7; OWASP 2013-A7; OWASP 2017-A5 | Information |
Referrer-Policy Needs Proper Fallback | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
Resin Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Restlet Framework Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Reverse Proxy Detected (Apache Traffic Server) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Reverse Proxy Detected (Citrix Netscaler) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Reverse Proxy Detected (Envoy) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Reverse Proxy Detected (F5 BIG-IP) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Reverse Proxy Detected (HAProxy) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Reverse Proxy Detected (Skipper) | CAPEC-224; CWE-200; ISO27001-A.18.1.3; WASC-45 | Information |
Revive Adserver Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Robots.txt Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
Roundcube Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Ruby on Rails Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
RubyGems Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Rukovoditel Detected | CWE-205; ISO27001-A.14.2.5; OWASP PC-C7; OWASP 2017-A6 | Information |
Scheme URI Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
Security.txt Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
SeoPanel Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Serendipity Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
SharePoint Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Shell Script Detected | CWE-200; ISO27001-A.8.1.1; WASC-13; OWASP PC-C6 | Information |
Shopify Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Silverlight Client Access Policy Detected | ISO27001-None; OWASP PC-C6 | Information |
Sitemap Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
SonicWall SSL-VPN Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
SQL File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C7; OWASP 2013-A7; OWASP 2017-A5 | Information |
Squarespace Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Squid Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Static Nonce Identified in Content Security Policy (CSP) | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Sugar CRM Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
swagger.json Detected | ISO27001-A.8.1.1; OWASP PC-C7 | Information |
Tableau Server Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Taleo Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
TCExam Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Telerik Web UI Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Test File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C7; OWASP 2013-A7; OWASP 2017-A5 | Information |
Tomcat Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Tornado Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Trac Software Project Management Tool Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Tracy Debugging Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Travis CI Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
TS Web Access Identified | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.1; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
TwistedWeb HTTP Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Typo3 Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
UNC Server and Share Disclosure | CWE-16; ISO27001-A.18.1.3; WASC-15; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A6 | Information |
Undertow Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Unexpected Redirect Response Body (Too Large) | CWE-698; ISO27001-A.14.2.5; WASC-40; OWASP PC-C6 | Information |
Unknown Option Used In Referrer-Policy | CWE-200; ISO27001-A.14.2.5; OWASP PC-C9; OWASP 2013-A6; OWASP 2017-A6 | Information |
Unsupported Hash Detected in Content Security Policy (CSP) | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Information |
Vanilla Forums Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Varnish HTTP Cache Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Vegur Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
W3 Total Cache Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Weak Nonce Detected in Content Security Policy (CSP) Declaration | CWE-330; ISO27001-A.14.2.5; WASC-16; OWASP 2013-A5; OWASP 2017-A6 | Information |
Web Application Firewall Detected | ISO27001-A.18.1.3; OWASP PC-C7 | Information |
Web.config File Detected | CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP PC-C6; OWASP 2013-A7; OWASP 2017-A5 | Information |
Webalizer Detected | CAPEC-224; CWE-205; ISO27001-A.14.2.5; WASC-45; OWASP PC-C6; OWASP 2017-A6 | Information |
WebDAV Enabled | CWE-16; ISO27001-A.9.4.4; WASC-15; OWASP PC-C6 | Information |
webERP Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
WeBid Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
WebLogic Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Werkzeug Python WSGI Library Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Whoops Error Handler Framework Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
WildFly Application Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Windows Azure Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
WordPress Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
WS_FTP Log File Detected | CAPEC-118; CWE-538; ISO27001-A.9.4.1; WASC-13; OWASP PC-C6 | Information |
XOOPS Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
YetiForce CRM Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
YOURLS Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Zen Cart Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
ZenPhoto Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Zikula Detected | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Zope Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |