Web Vulnerability & Security Checks

Select Category

Search Vulnerability

Vulnerability Name

Classifications

Severity

Bash Command Injection Vulnerability (Shellshock Bug)

PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A9, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

Critical

Blind Command Injection

PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Blind SQL Injection

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Boolean Based SQL Injection

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Evaluation (Apache Struts)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O

Critical

Code Evaluation (Apache Struts S02-53)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Evaluation (Apache Struts) S2-016

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O

Critical

Code Evaluation (Apache Struts) S2-045

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O

Critical

Code Evaluation (Apache Struts) S2-046

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O

Critical

Code Evaluation (ASP)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (Node.js)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (Perl)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (PHP)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (PHP) – IAST

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (Python)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (RoR)

PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (RoR – JSON)

PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation (Ruby)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Code Evaluation via Local File Inclusion (PHP)

PCI v3.2-6.5.1, CAPEC-251, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via File Upload

PCI v3.2-6.5.1, CAPEC-210, CWE-94, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via Local File Inclusion

PCI v3.2-6.5.1, CAPEC-170, CWE-94, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (ASP.NET Razor)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Java FreeMarker)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Java Pebble)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Java Velocity)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (JinJava)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Node.js Dot)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Node.js EJS)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Node.js Marko)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Node.js Nunjucks)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Node.js Pug (Jade))

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (PHP Smarty)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (PHP Twig)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Python Jinja)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Python Mako)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Python Tornado)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Ruby ERB)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via SSTI (Ruby Slim)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Code Execution via WebDAV

PCI v3.2-6.5.8, CAPEC-17, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-17, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Command Injection

PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Command Injection (IAST)

PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Drupal Core – Remote Code Execution (CVE-2019-6340)

PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Mail Header Injection (IAST)

PCI v3.2-6.5.1, CAPEC-66, CWE-20, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Critical

Malware Identified

CWE-506, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

OpenSSL Heartbleed

PCI v3.2-6.5.2, CAPEC-216, CWE-119, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A9, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Critical

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (Apache Struts 2)

PCI v3.2-6.5.1, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O

Critical

Out of Band Code Evaluation (Apache Struts 2) S2-053

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (ASP)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (Log4j)

PCI v3.2-6.5.1, CAPEC-23, CWE-502, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (Node.js)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (Perl)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (PHP)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (Python)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Evaluation (RoR)

PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/RL:O

Critical

Out of Band Code Evaluation (RoR – JSON)

PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Critical

Out of Band Code Evaluation (Ruby)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Java FreeMarker)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Java Velocity)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Node.js Dot)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Node.js EJS)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Node.js Marko)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Node.js Nunjucks)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Node.js Pug (Jade))

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (PHP Smarty)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (PHP Twig)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Python Jinja)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Python Mako)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Code Execution via SSTI (Python Tornado)

PCI v3.2-6.5.1, CAPEC-23, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Command Injection

PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-31, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band Remote File Inclusion

PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Out of Band SQL Injection

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

PossibleBlindMongoDB [deprecated]

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1

Critical

Remote Code Execution and DoS in HTTP.sys (IIS)

PCI v3.2-6.5.1, CAPEC-340, CWE-20, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-7, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C

Critical

Remote Code Execution (Spring4Shell)

PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Remote File Inclusion

PCI v3.2-6.5.1, CAPEC-193, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Critical

Server-Side Request Forgery (Oracle Cloud)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Critical

Server-Side Request Forgery (Packet Cloud)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Critical

Server-Side Request Forgery (trace.axd)

PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Critical

Server-Side Template Injection

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (ASP.NET Razor)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (Java FreeMarker)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (Java Pebble)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (Java Velocity)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (JinJava)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (Node.js Dot)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (Node.js EJS)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Critical

Server-Side Template Injection (Ruby ERB)

PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

SQL Injection

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

SQL Injection (IAST)

PCI v3.2-6.5.1, CAPEC-66, CWE-89, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-19, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Critical

Text4Shell Remote Code Execution – (CVE-2022-42889)

PCI v3.2-6.5.1, CAPEC-242, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A03, OWASP 2017-A01, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Web Backdoor Detected

PCI v3.2-6.5.6, CAPEC-443, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Web Cache Deception

PCI v3.2-2.2.3, CAPEC-CAPEC, ISO27001-A.14.1.3, WASC-6, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Critical

Arbitrary File Creation Detected

CWE-20, OWASP 2017-A5

High

Arbitrary File Deletion Detected

CWE-20, OWASP 2017-A5

High

ASP.NET Tracing Is Enabled

CWE-11, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

High

Backup Source Code Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

High

Basic Authorization over HTTP

PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

High

Blind Cross-site Scripting

PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Blind MongoDB Injection

PCI v3.2-6.5.1, CWE-943, HIPAA-164.306(a), 164.308(a), OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Certificate is Signed Using a Weak Signature Algorithm

PCI v3.2-6.5.4, CAPEC-459, ISO27001-A.10, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

High

Cross-site Scripting

PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

High

Cross-site Scripting (DOM based)

PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

High

Cross-site Scripting via File Upload

PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Cross-site Scripting via Remote File Inclusion

PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Database User Has Admin Privileges

PCI v3.2-6.5.6, CWE-267, ISO27001-A.9.2.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

High

Elmah.axd / Errorlog.axd Detected

PCI v3.2-6.5.6, CAPEC-347, CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

High

Error-Based MongoDB Injection

PCI v3.2-6.5.1, CWE-943, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

High

Expression Language Injection

PCI v3.2-6.5.1, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

High

F5 Big-IP Local File Inclusion (CVE-2020-5902)

PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Insecure Transportation Security Protocol Supported (SSLv2)

PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

High

JWT Forgery via Chaining Jku Parameter with Open Redirect

CWE-347, OWASP 2017-A2, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

High

JWT Forgery via Path Traversal

CWE-22, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

High

JWT Forgery via SQL Injection

CWE-89, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

High

JWT Forgery via unvalidated jku parameter

CWE-22, OWASP 2017-A1, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

High

JWT Signature Bypass via None Algorithm

CWE-347, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

High

JWT Signature is not Verified

CWE-347, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

High

Local File Inclusion

PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Local File Inclusion (IAST)

PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Oracle WebLogic Authentication Bypass (CVE-2020-14883)

CWE-288, OWASP 2013-A2, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

High

Out of Band XML External Entity Injection

PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

High

Out-of-date Version (Microsoft SQL Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

High

Out-of-date Version (MySQL)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

High

Out-of-date Version (Oracle)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

High

Out-of-date Version (PostgreSQL)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

High

Password Transmitted over HTTP

PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

High

ROBOT Attack Detected (Strong Oracle)

PCI v3.2-6.5.4, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C

High

ROBOT Attack Detected (Weak Oracle)

PCI v3.2-6.5.4, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C

High

Ruby on Rails File Content Disclosure (CVE-2019-5418)

PCI v3.2-6.5.8, CAPEC-252, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

Server-Side Request Forgery (Apache Server Status)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

High

Server-Side Request Forgery (AWS)

CWE-918, ISO27001-A.14.2.5, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

High

Server-Side Request Forgery (elmah)

PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

High

Server-Side Request Forgery (elmah MVC)

PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

High

Server-Side Request Forgery (MySQL)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

High

Server-Side Request Forgery (SSH)

CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

High

Session Cookie Not Marked as Secure

PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

High

Stored Cross-site Scripting

PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

High

SVN Detected

CAPEC-118, CWE-527, ISO27001-A.9.4.1, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

High

Trace.axd Detected

PCI v3.2-6.5.6, CAPEC-347, CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

High

Unrestricted File Upload

PCI v3.2-6.5.1, CWE-434, ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

High

Weak Basic Authentication Credentials

PCI v3.2-6.5.10, CAPEC-16, CWE-521, ISO27001-A.9.4.3, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

High

Weak Secret is Used to Sign JWT

CWE-347, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

High

WebDAV Directory Has Write Permissions

PCI v3.2-6.5.8, CWE-732, ISO27001-A.9.4.1, WASC-17, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C

High

XML External Entity Injection

PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

High

Active Mixed Content over HTTPS

CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Medium

Anonymous Ciphers Supported

PCI v3.2-6.5.4, CAPEC-117, CWE-311, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Medium

Apache Server-Info Detected

CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Medium

Apache Server-Status Detected

CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Medium

ASP.NET Cookieless Authentication Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Medium

ASP.NET Cookieless Session State Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Medium

ASP.NET CustomErrors Is Disabled

CWE-16, OWASP 2013-A6, OWASP 2017-A3

Medium

ASP.NET: Failure To Require SSL For Authentication Cookies

CWE-16, OWASP 2017-A6

Medium

ASP.NET Login Credentials Stored In Plain Text

CWE-312, OWASP 2013-A6, OWASP 2017-A3

Medium

ASP.NET ValidateRequest Is Globally Disabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Medium

Axis Development Mode Enabled in WEB-INF/server-config.wsdd

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Axis system configuration listing enabled in WEB-INF/server-config.wsdd

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Base Tag Hijacking

PCI v3.2-6.5.7, CAPEC-19, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Medium

BREACH Attack Detected

CWE-310, OWASP 2013-A9, OWASP 2017-A9, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Medium

Critical Form Send to HTTP

PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Medium

Critical Form Served over HTTP

PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Medium

Custom Error Pages Are Not Configured in WEB-INF/web.xml

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

CVS Detected

CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Expired SSL Certificate

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

Express Development Mode Is Enabled

CWE-200, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Express express-session Weak Secret Key Detected

CWE-200, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Frame Injection

PCI v3.2-6.5.1, CWE-601, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-38, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Medium

GIT Detected

CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Medium

HTTP Header Injection

PCI v3.2-6.5.1, CAPEC-105, CWE-93, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Medium

HTTP Header Injection (IAST)

PCI v3.2-6.5.1, CAPEC-105, CWE-93, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Medium

HTTP Parameter Pollution [deprecated]

CWE-88, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Medium

HTTP Strict Transport Security (HSTS) Errors and Warnings

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Medium

HTTP Strict Transport Security (HSTS) Policy Not Enabled

CAPEC-217, CWE-523, ISO27001-A.14.1.2, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Medium

Insecure HTTP Usage

ISO27001-A.14.1.3, WASC-4, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Medium

Insecure Transportation Security Protocol Supported (SSLv3)

PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Medium

Invalid SSL Certificate

PCI v3.2-6.5.4, CAPEC-459, CWE-295, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Medium

Java Verb Tampering Via Misconfigured Security Constraint

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Microsoft Access Database File Detected

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Medium

Node.js Web Application does not handle uncaughtException

CWE-248, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Node.js Web Application does not handle unhandledRejection

CWE-248, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Open Policy Crossdomain.xml Detected

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Medium

Open Redirection

CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Medium

Open Redirection (DOM based)

CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N

Medium

Open Silverlight Client Access Policy

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Medium

Overly Long Session Timeout

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Password Transmitted over Query String

PCI v3.2-6.5.4, CWE-598, ISO27001-A.14.2.5, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Medium

PHP enable_dl Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Medium

PHP magic_quotes_gpc Is Disabled [deprecated]

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Medium

PHP register_globals Is Enabled

CWE-473, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

PHP session.use_only_cookies Is Disabled

CWE-598, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Medium

PHP session.use_trans_sid Is Enabled

CWE-598, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Medium

Revoked SSL Certificate

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

RSA Private Key Detected

CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Medium

Server-Side Request Forgery

CWE-918, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Server-Side Request Forgery (Time Based)

CWE-918, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (ASP.NET)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (ColdFusion)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Generic)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Java)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Java Servlet)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (JSP)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Perl)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (PHP)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Python)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Ruby)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Source Code Disclosure (Tomcat)

CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Spring Boot Misconfiguration: Actuator endpoint security disabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: Admin MBean enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: Datasource credentials stored in the properties file

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: Developer tools enabled on production

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: H2 console enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: MongoDB credentials stored in the properties file

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: Overly long session timeout

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Boot Misconfiguration: Unsafe value for session tracking

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Spring Misconfiguration: HTML Escaping disabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

SQLite Database File Found

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Medium

SSL Certificate Is About To Expire

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

SSL Certificate Name Hostname Mismatch

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

SSL Untrusted Root Certificate

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

SSL/TLS Not Implemented

PCI v3.2-6.5.4, CAPEC-217, CWE-311, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Medium

Stack Trace Disclosure (ColdFusion)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Medium

Stack Trace Disclosure (Django)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Stack Trace Disclosure (Java)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Stack Trace Disclosure (Laravel)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Medium

Stack Trace Disclosure (Python)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Stack Trace Disclosure (RoR)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Stack Trace Disclosure (Ruby-Sinatra Framework)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Struts 2 Config Browser plugin enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Struts 2 Development Mode Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Sublime SFTP Config File Detected

CWE-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Medium

Unicode Transformation (Best-Fit Mapping)

CWE-20, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Medium

Unsafe value for session tracking in WEB-INF/web.xml

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

ViewState MAC Disabled

CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

Weak Ciphers Enabled

PCI v3.2-6.5.4, CAPEC-217, CWE-327, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Medium

WordPress Setup Configuration File

PCI v3.2-6.5.8, CAPEC-212, CWE-665, HIPAA-164.312(a)(1), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/CR:H/IR:H/AR:H/MAV:N/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N

Medium

ZSH History File Detected

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Medium

Apache Multiple Choices Enabled

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Apache MultiViews Enabled

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

ASP.NET ViewStateUserKey Is Not Set

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

Autocomplete is Enabled

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Backup File Disclosure

PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Low

Cookie Not Marked as HttpOnly

CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Cookie Not Marked as Secure

PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Low

Cookie Values Used in Anti-CSRF Token

CWE-352, HIPAA-164.306(a), ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6

Low

Cross-site Request Forgery

PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5

Low

Cross-site Request Forgery in Login Form

PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5

Low

Database Error Message Disclosure

PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Database Name Disclosure (Microsoft SQL Server)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Database Name Disclosure (MySQL)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Django Debug Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

.DS_Store File Found

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5

Low

Exception Report Disclosure (Tomcat)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Form Hijacking

CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1

Low

Information Disclosure (Microsoft Office)

PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13

Low

phpinfo() Output Detected

CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3

Low

Insecure Frame (External)

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6

Low

Insecure JSONP Endpoint

CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1

Low

Insecure Reflected Content

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1

Low

Insecure Transportation Security Protocol Supported (TLS 1.0)

PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3

Low

Internal IP Address Disclosure

CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3

Low

Internal Server Error

CWE-550, ISO27001-A.14.1.2, WASC-13

Low

Laravel Debug Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Laravel Environment Configuration File Detected

CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Microsoft IIS Log File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Low

Microsoft Outlook Personal Folders File (.pst) Found

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5

Low

Misconfigured Access-Control-Allow-Origin Header

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Misconfigured Frame

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6

Low

Misconfigured X-Frame-Options Header

CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6

Low

Missing Content-Type Header

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Missing X-Frame-Options Header

CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6

Low

Multiple Declarations in X-Frame-Options Header

CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6

Low

Open Redirection in POST method

CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5

Low

Out-of-date Component ({applicationName})

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Passive Mixed Content over HTTPS

CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3

Low

Passive Web Backdoor Detected

PCI v3.2-6.5.6, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10

Low

Phishing by Navigating Browser Tabs

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

PHP allow_url_fopen Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

PHP allow_url_include Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

PHP display_errors Is Enabled

CWE-211, OWASP 2013-A5, OWASP 2017-A6

Low

PHP open_basedir Is Not Configured

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

Programming Error Message

PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Programming Error Message (Ruby)

PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Reflected File Download

PCI v3.2-6.5.1, CAPEC-375, CWE-840, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1

Low

RoR Database Configuration File Detected

CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

RoR Development Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Social Security Number Disclosure

PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3

Low

Stack Trace Disclosure (Apache MyFaces)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (ASP.NET)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (CakePHP Framework)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (CherryPy)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (Grails)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Struts2 Development Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Subresource Integrity (SRI) Hash Invalid

CWE-16, ISO27001-A.14.2.5, WASC-15

Low

TRACE/TRACK Method Detected

CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Unexpected Redirect Response Body (Two Responses)

CWE-698, ISO27001-A.14.2.5, WASC-25

Low

User Controllable Cookie

CWE-20, ISO27001-A.14.2.5, WASC-20

Low

Username Disclosure (Microsoft SQL Server)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3

Low

Username Disclosure (MySQL)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3

Low

Version Disclosure (Apache)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Apache Coyote)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Apache Module)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Apache Traffic Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Artifactory DevOps Solution)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (ASP.NET)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (ASP.NET MVC)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Atlassian Confluence)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Atlassian Jira)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Atlassian Proxy)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Axway SecureTransport Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (CakePHP Framework)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Cherokee)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (CherryPy)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Cowboy HTTP Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Daiquiri)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Django)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (FrontPage)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (GlassFish)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Grafana)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Gunicorn Python WSGI HTTP Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Hiawatha)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (IBM HTTP Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (IBM Rational Team Concert (RTC))

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (IBM Security Access Manager (WebSEAL))

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (IIS)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Java)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Java Servlet)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (JBoss)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Jenkins)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Jetty)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Jolokia)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (JSP)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Kong)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Liferay Digital Experience Platform)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Liferay Portal)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Lighttpd)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (mod_ssl)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Mongrel Web Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Next.js React Framework)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Nexus Repository OSS)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Nginx)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (NuSOAP)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (OpenResty)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (OpenSSL)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Oracle)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Perl)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (PHP)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (phpMyAdmin)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Phusion Passenger)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Plone CMS)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Python)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Python WSGIserver)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Resin Application Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Restlet Framework)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (RoR)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Ruby)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (RubyGems)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (SharePoint)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Squid)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Sugar CRM)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Taleo Web Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Telerik Web UI)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Tomcat)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Tornado)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Trac Software Project Management Tool)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Tracy Debugging Tool)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (TwistedWeb HTTP Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Undertow Web Server)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (W3 Total Cache)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (WebLogic)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (WEBrick)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Werkzeug Python WSGI Library)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Zope)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

ViewState is not Encrypted

CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6

Low

Windows Short Filename

PCI v3.2-6.5.8, CAPEC-87, CWE-538, HIPAA-164.306(a), 164.308(a), ISO27001-A.8.2.3, WASC-34, OWASP 2013-A7, OWASP 2017-A6

Low

Windows Username Disclosure

PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3

Low

WP Engine Configuration File Detected

CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Content Security Policy (CSP) Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

Expect-CT Not Enabled [deprecated]

CWE-16, ISO27001-A.14.1.2, WASC-15

Best Practice

Insecure Transportation Security Protocol Supported (TLS 1.1)

PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3

Best Practice

Missing X-XSS-Protection Header

CWE-16, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-15

Best Practice

Referrer-Policy Not Implemented

CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3

Best Practice

SameSite Cookie Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

SameSite None Cookie Not Marked as Secure

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

Subresource Integrity (SRI) Not Implemented

CWE-16, ISO27001-A.14.2.5, WASC-15

Best Practice

aah Go Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

AbanteCart Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Adminer Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Administration Page Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.1, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

Ampache Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

An Unsafe Content Security Policy (CSP) Directive in Use

CWE-16, ISO27001-A.14.2.5, WASC-15

Information

Apache Coyote Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Apache Module Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Apache Traffic Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Apache Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Apple’s App-Site Association (AASA) Detected

ISO27001-A.18.1.3

Information

Artifactory DevOps Solution Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

ASP.NET Debugging Enabled

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Information

ASP.NET Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

ASP.NET MVC Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Atlassian Confluence Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Atlassian Jira Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Atlassian Proxy Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

ATutor Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Authorization Required

ISO27001-A.9.4.1

Information

Autocomplete Enabled (Password Field)

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Information

AWStats Detected

CAPEC-224, CWE-205, ISO27001-A.14.2.5, WASC-45, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Information

Axway Secure Transport Detected [deprecated]

CWE-205, ISO27001-A.14.2.5, OWASP 2017-A6

Information

Axway SecureTransport Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

b2evolution Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Basic Authorization Required

ISO27001-A.9.4.1

Information

BitNinja Captcha Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Bomgar Remote Support Software Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Caddy Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

CakePHP Framework Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

CDN Detected (Airee)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Akamai)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Arvan Cloud)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Azure CDN)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (CDN77)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Fastly)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Fireblade)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Google Cloud CDN)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Incapsula)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Instart) [deprecated]

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (KeyCDN)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (MaxCDN)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Netlify)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (PowerCDN)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Qrator)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (Sucuri)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

CDN Detected (West263)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Chamilo Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Cherokee Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

CherryPy Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Claroline Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

ClipBucket Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Collabtive Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Concrete5 Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Configuration File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

contao Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Content Security Policy (CSP) Contains Out of Scope report-uri Domain

ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3

Information

Content Security Policy (CSP) Keywords Not Used Within Single Quotes

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content Security Policy (CSP) Nonce Without Matching Script Block

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content Security Policy (CSP) report-uri Uses HTTP

ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3

Information

Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Coppermine Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Cowboy HTTP Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Craft CMS Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Credit Card Disclosure

PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.4, WASC-13, OWASP 2013-A6, OWASP 2017-A3

Information

Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy

CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6

Information

Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy

CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6

Information

Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy

CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6

Information

Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy

CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6

Information

Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy

CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6

Information

Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy

CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6

Information

Crossdomain.xml Detected

ISO27001-A.12.5.1

Information

CrushFTP Server Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

CubeCart Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Daiquiri Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

data: Used in a Content Security Policy (CSP) Directive

ISO27001-A.14.2.5

Information

Database Connection String Detected

CWE-16, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Information

Database Detected (HsqlDb)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Information

Database Detected (Microsoft Access)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

Database Detected (Microsoft SQL Server)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Information

Database Detected (MongoDB)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Information

Database Detected (MySQL)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Information

Database Detected (Oracle)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Information

Database Detected (PostgreSQL)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Information

DataDome Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

DbNinja Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Default Page Detected (Apache)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (CakePHP Framework)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 10.0)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 6)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 7)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 7.5)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 7.X)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 8)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (IIS 8.5)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Default Page Detected (Tomcat)

CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

default-src Used in Content Security Policy (CSP)

ISO27001-A.14.2.5

Information

Denial of Service (MySQL)

CWE-400, ISO27001-A.14.1.2, WASC-10, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Information

Deprecated Header Instruction Used to Implement Content Security Policy (CSP)

CWE-16, ISO27001-A.14.2.5, WASC-15

Information

Digest Authorization Required

ISO27001-A.9.4.1

Information

Directory Listing (Apache)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (ASP.NET Server)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (IIS)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (Lighttpd)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (LiteSpeed)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (Nginx)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (Tomcat)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Directory Listing (WebDAV)

CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

Disabled X-XSS-Protection Header

CWE-693, ISO27001-A.14.1.2, WASC-15

Information

Django Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

DokuWiki Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Dolibarr Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Dolphin Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

DotClear Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Drupal Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

e107 Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Elgg Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Email Address Disclosure

CAPEC-118, CWE-200, ISO27001-A.9.4.1, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

EspoCRM Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Expect-CT Header via HTTP [deprecated]

CWE-16, ISO27001-A.14.1.2, WASC-15

Information

Expect-CT in Report Only Mode [deprecated]

ISO27001-A.14.1.2

Information

Expect-CT Security Header Errors and Warnings [deprecated]

CWE-16, ISO27001-A.14.1.2, WASC-15

Information

ExpressJS Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Family Connections Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

File Upload Functionality Detected

ISO27001-A.8.1.1

Information

FluxBB Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Forbidden Resource

ISO27001-A.8.1.1

Information

Form Tools Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Front Accounting Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

FrontPage Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Generic Email Address Disclosure

CAPEC-118, CWE-200, ISO27001-A.18.1.4, WASC-13

Information

GibbonEdu Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GlassFish Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Grafana Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

GraphQL Endpoint Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Apollo)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Ariadne)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Dgraph)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Directus)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (GqlGen)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Graphene)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (GraphQL API for WordPress)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Graphql-Go)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (graphql-java)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (graphql-php)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Hasura)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Juniper)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Ruby-graphql)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Sangria)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (Tartiflette)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

GraphQL Library Detected (WPGraphQL)

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Gunicorn Python WSGI HTTP Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Hesk Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Hiawatha Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

.htaccess File Detected

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

HTTP Strict Transport Security (HSTS) Max-Age Value Too Low

CWE-16, ISO27001-A.14.1.2, WASC-15

Information

HTTP Strict Transport Security (HSTS) via HTTP

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6

Information

HubSpot Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

IBM Business Process Manager (BPM) Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

IBM HTTP Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

IBM Rational Team Concert (RTC) Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

IBM Security Access Manager (WebSEAL) Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

IIS Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

I’m a Teapot

ISO27001-None

Information

Incorrect Content Security Policy (CSP) Implementation

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Insecure Protocol Detected in Content Security Policy (CSP)

CWE-319, ISO27001-A.14.2.5

Information

Installation File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Information

Intermediate Certificate is Signed Using a Weak Signature Algorithm

CAPEC-459, ISO27001-A.10, WASC-4, OWASP 2013-A6, OWASP 2017-A3

Information

Internal Path Disclosure (*nix)

CAPEC-118, CWE-200, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.1, WASC-13, OWASP 2017-A6

Information

Internal Path Disclosure (Windows)

CAPEC-118, CWE-200, HIPAA-164.306(a), 164.308(a), ISO27001-A.8.1.1, WASC-13

Information

Invalid Content Security Policy (CSP) Directive Identified in meta Elements

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Java Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Java Servlet Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

JBoss Application Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

JBoss Core Services Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

JBoss Enterprise Application Platform Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Jenkins Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Jetty Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Jolokia Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Joomla Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

JSP Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Kestrel Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Kong Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Liferay Digital Experience Platform Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Liferay Portal Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Lighthouse Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Lighttpd Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

LimeSurvey Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

LiteSpeed Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Log File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Information

Magento Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Mashery Proxy Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

MediaWiki Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Mibew Messenger Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Mint Detected

CAPEC-224, CWE-205, ISO27001-A.14.2.5, WASC-45, OWASP 2017-A6

Information

Missing object-src in CSP Declaration

CWE-16, ISO27001-A.14.2.5, WASC-15

Information

MODX Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Mongrel Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Moodle Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Movable Type Detected [deprecated]

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Multiple Content Security Policy (CSP) Implementation Detected

CWE-16, ISO27001-A.14.2.5, WASC-15

Information

MyBB Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Next.js React Framework Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Nexus Repository OSS Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Nginx Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)

ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6

Information

Nonce Usage Detected in Content Security Policy (CSP) Directive

ISO27001-A.14.2.5

Information

NTLM Authorization Required

ISO27001-A.9.4.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

NuSOAP Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Omeka Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

OpenCart Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

OpenResty Web Platform Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

OpenSearch.xml Detected

CWE-200, ISO27001-A.18.1.3

Information

OpenSSL Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

OpenVPN Access Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

OPTIONS Method Enabled

CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Information

Oracle Application Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Oracle HTTP Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

osClass Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

osCommerce Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

osTicket Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Out-of-date (ASP.NET MVC)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date (FrontPage)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date (Mongrel)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date (Oracle Application Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date (Phusion Passenger)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date (SharePoint)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date (Taleo Web Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (AbanteCart)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Ampache)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (AngularJS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Apache)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Apache Coyote)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Apache Traffic Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Artifactory DevOps Solution)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ASP.NET SignalR)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Atlassian Confluence)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Atlassian Jira)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Atlassian Proxy)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ATutor)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (axios)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Axway SecureTransport Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (b2evolution)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Backbone.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (bluebird)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Bootbox.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Bootstrap)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Bootstrap 3 Date/Time Picker)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Bootstrap Toggle)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (CakePHP Framework)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Chamilo)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Chart.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Cherokee)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (CherryPy)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (CKEditor)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Claroline)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ClipBucket)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Collabtive)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Concerte5)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (contao)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Coppermine)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Cowboy HTTP Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (CubeCart)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (D3.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Daiquiri)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (DataTables)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Django)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (DokuWiki)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Dolibarr)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Dolphin)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (DOMPurify)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (DotClear)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Drupal)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (DWR)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (e107)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (easyXDM)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ef.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Elgg)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Ember.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (EspoCRM)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Ext JS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Fabric.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Family Connections)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (FancyBox)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Fingerprintjs2)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Flickity)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (FluxBB)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (FooTable)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Form Tools)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Foundation)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Front Accounting)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Fuel UX)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (GibbonEdu)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (GlassFish)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Google Charts)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Grafana)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (GSAP)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Gunicorn Python WSGI HTTP Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Hammer.JS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Handlebars.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Hesk)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Hiawatha)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Highcharts)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (HTML5 Shiv)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (IBM HTTP Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (IBM Rational Team Concert (RTC))

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (IBM Security Access Manager (WebSEAL))

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (IIS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ImagePicker)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Inferno)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Intro.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Ion.RangeSlider)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Java)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (JavaScript Cookie)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (JBoss)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Jenkins)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Jetty Web Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Jolokia)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Joomla)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jPlayer)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery Mask)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery Migrate)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery Mobile)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery UI Autocomplete)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery UI Dialog)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery UI Tooltip)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jQuery Validation)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (JSP)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (jsTree)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Knockout)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Knockout Mapping)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Kong)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Lazy.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Leaflet)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Liferay Digital Experience Platform)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Liferay Portal)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Lightbox)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Lighttpd)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (LimeSurvey)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (List.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Lodash)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Magento)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, WASC-13, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Marionette.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (MathJax)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Math.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (MediaWiki)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Mibew Messenger)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Mithril)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Modernizr)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (MODX)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Moment.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Moodle)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Movable Type) [deprecated]

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (mustache.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (MyBB)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Next.js React Framework)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Nexus Repository OSS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Nginx)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, WASC-13, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (NuSOAP)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, WASC-13, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Omeka)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (OpenCart)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (OpenResty)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (OpenSSL)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (osClass)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (osCommerce)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (osTicket)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ownCloud)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (pdf.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Perl)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (pH7CMS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Phaser)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Phorum) [deprecated]

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (PHP)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Php Address Book)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (phpBB)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (PhpFusion)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (phpList)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (PhpMyFAQ)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Piwigo)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Pixi.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Plone CMS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Plupload)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (PmWiki)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Podcast Generator)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Polymer)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (PrestaShop)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (prettyPhoto)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ProjectSend)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Prototype JS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Python)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Python WSGIserver)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (qdPM)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Question2Answer)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Ramda)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (React)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (RequireJS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Resin Application Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Respond.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Restlet Framework)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Reveal.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Revive Adserver)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Rickshaw)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Riot.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (RoR)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Roundcube)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Ruby)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (RubyGems)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Rukovoditel)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ScrollReveal)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Select2)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Semantic UI)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (SeoPanel)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Serendipity)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (slick)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Snap.svg)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Sortable)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Squid)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (SugarCRM)

CWE-1035, 937, ISO27001-A.18.1.3, WASC-13

Information

Out-of-date Version (SweetAlert2)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (TCExam)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Telerik Web UI)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Three.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Tomcat)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Tornado Web Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Trac Software Project Management Tool)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Tracy Debugging Tool)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (TwistedWeb HTTP Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (typeahead.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Typo3)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, WASC-13, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Underscore.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Undertow Web Server)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Vanilla Forums)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Video.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Vtiger) [deprecated]

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Vue.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (W3 Total Cache)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (webERP)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (WeBid)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (WebLogic)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Werkzeug Python WSGI Library)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (WordPress)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (XOOPS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (XRegExp)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (YetiForce CRM)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (YOURLS)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (YUI)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Zen Cart)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (ZenPhoto)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Zepto.js)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Zikula)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Zope)

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

Out-of-date Version (Zurmo) [deprecated]

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9

Information

ownCloud Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Pardot Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Perl Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

pH7CMS Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Phorum Detected [deprecated]

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Php Address Book Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

PHP Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

phpBB Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

PhpFusion Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

phpList Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

phpLiteAdmin Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

phpMoAdmin Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

phpMyAdmin Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

PhpMyFAQ Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Phusion Passenger Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Piwigo Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Piwik Detected

CAPEC-224, CWE-205, ISO27001-A.14.2.5, WASC-45, OWASP 2017-A6

Information

Play Web Framework Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Plesk (Linux) Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Plesk (Windows) Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Plone CMS Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

PmWiki Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Podcast Generator Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

PrestaShop Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Private Burp Collaborator Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

ProjectSend Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Python Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Python WSGIserver Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

qdPM Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Question2Answer Detected

CWE-205, ISO27001-A.14.2.5, OWASP 2017-A6

Information

Readme/Help File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Information

Referrer-Policy Needs Proper Fallback

CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6

Information

Resin Application Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Restlet Framework Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Reverse Proxy Detected (Apache Traffic Server)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Reverse Proxy Detected (Citrix Netscaler)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Reverse Proxy Detected (Envoy)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Reverse Proxy Detected (F5 BIG-IP)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Reverse Proxy Detected (HAProxy)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Reverse Proxy Detected (Skipper)

CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45

Information

Revive Adserver Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Robots.txt Detected

ISO27001-A.18.1.3

Information

Roundcube Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Ruby on Rails Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

RubyGems Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Rukovoditel Detected

CWE-205, ISO27001-A.14.2.5, OWASP 2017-A6

Information

Scheme URI Detected in Content Security Policy (CSP) Directive

ISO27001-A.14.2.5

Information

Security.txt Detected

ISO27001-A.18.1.3

Information

SeoPanel Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Serendipity Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

SharePoint Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Shell Script Detected

CWE-200, ISO27001-A.8.1.1, WASC-13

Information

Shopify Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Silverlight Client Access Policy Detected

ISO27001-None

Information

Sitemap Detected

ISO27001-A.18.1.3

Information

SonicWall SSL-VPN Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

SQL File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Information

Squarespace Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Squid Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Static Nonce Identified in Content Security Policy (CSP)

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Sugar CRM Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

swagger.json Detected

ISO27001-A.8.1.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Tableau Server Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Taleo Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

TCExam Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Telerik Web UI Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Test File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Information

Tomcat Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Tornado Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Trac Software Project Management Tool Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Tracy Debugging Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Travis CI Configuration File Detected

CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

TS Web Access Identified

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.1, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

TwistedWeb HTTP Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Typo3 Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

UNC Server and Share Disclosure

CWE-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Information

Undertow Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Unexpected Redirect Response Body (Too Large)

CWE-698, ISO27001-A.14.2.5, WASC-40

Information

Unknown Option Used In Referrer-Policy

CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6

Information

Unsupported Hash Detected in Content Security Policy (CSP)

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Information

Vanilla Forums Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Varnish HTTP Cache Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Vegur Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Vtiger Detected [deprecated]

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

W3 Total Cache Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Weak Nonce Detected in Content Security Policy (CSP) Declaration

CWE-330, ISO27001-A.14.2.5, WASC-16, OWASP 2013-A5, OWASP 2017-A6

Information

Web Application Firewall Detected

ISO27001-A.18.1.3

Information

Webalizer Detected

CAPEC-224, CWE-205, ISO27001-A.14.2.5, WASC-45, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

Web.config File Detected

CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

WebDAV Enabled

CWE-16, ISO27001-A.9.4.4, WASC-15, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C

Information

webERP Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

WeBid Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

WebLogic Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Werkzeug Python WSGI Library Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Whoops Error Handler Framework Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive

ISO27001-A.14.2.5

Information

Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive

ISO27001-A.14.2.5

Information

Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive

ISO27001-A.14.2.5

Information

WildFly Application Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Windows Azure Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

WordPress Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

WS_FTP Log File Detected

CAPEC-118, CWE-538, ISO27001-A.9.4.1, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Information

XOOPS Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

YetiForce CRM Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

YOURLS Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Zen Cart Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

ZenPhoto Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Zikula Detected

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Zope Web Server Identified

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Information

Zurmo Detected [deprecated]

CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6

Information

Provably accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Web Application Vulnerabilities Index

Select Category

Search Vulnerability