Invicti

HTTP Strict Transport Security (HSTS) Policy Not Enabled

CAPEC-217

,

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

,

CWE-523

,

ISO27001-A.14.1.2

,

OWASP 2013-A6

,

OWASP 2017-A3

,

WASC-4

,

Medium

Insecure Transportation Security Protocol Supported (SSLv2)

CAPEC-217

,

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

,

CWE-326

,

HIPAA-164.306

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

High

Insecure Transportation Security Protocol Supported (SSLv3)

CAPEC-217

,

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

,

CWE-326

,

HIPAA-164.306

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

High

Insecure Transportation Security Protocol Supported (TLS 1.0)

CAPEC-217

,

CWE-326

,

HIPAA-164.306

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

High

Insecure Transportation Security Protocol Supported (TLS 1.1)

CAPEC-217

,

CWE-326

,

HIPAA-164.306

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

Low

ROBOT Attack Detected (Strong Oracle)

CAPEC-217

,

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

High

ROBOT Attack Detected (Weak Oracle)

CAPEC-217

,

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

High

SSL/TLS Not Implemented

CAPEC-217

,

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

,

CWE-311

,

HIPAA-164.306

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

Medium

Weak Ciphers Enabled

CAPEC-217

,

CWE-327

,

ISO27001-A.14.1.3

,

OWASP 2013-A6

,

OWASP 2017-A3

,

PCI v3.2-6.5.4

,

WASC-4

,

Medium

Web Application Vulnerabilities Index

Select Category

Select Vulnerability

Select Vulnerability