Web Application Vulnerabilities Index
This page lists all vulnerabilities that can be detected by Invicti.
| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Server-Side Request Forgery (Oracle Cloud) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Server-Side Request Forgery (Packet Cloud) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Server-Side Request Forgery (trace.axd) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Critical |
| Server-Side Request Forgery (Apache Server Status) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (AWS) | CWE-918; ISO27001-A.14.2.5; OWASP 2017-A5 | High |
| Server-Side Request Forgery (elmah MVC) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (elmah) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (MySQL) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (SSH) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| Server-Side Request Forgery (Time Based) | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
