Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as CWE-16 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Spring Boot Misconfiguration: Unsafe value for session tracking
Spring Boot Misconfiguration: Unsafe value for session tracking
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Spring Misconfiguration: HTML Escaping disabled
Spring Misconfiguration: HTML Escaping disabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Static Nonce Identified in Content Security Policy (CSP)
Static Nonce Identified in Content Security Policy (CSP)
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Struts 2 Config Browser plugin enabled
Struts 2 Config Browser plugin enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Struts 2 Development Mode Enabled
Struts 2 Development Mode Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Struts2 Development Mode Enabled
Struts2 Development Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Sublime SFTP Config File Detected
Sublime SFTP Config File Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
Subresource Integrity (SRI) Hash Invalid
Subresource Integrity (SRI) Hash Invalid
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Low
Subresource Integrity (SRI) Not Implemented
Subresource Integrity (SRI) Not Implemented
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Best Practice
Trace.axd Detected
Trace.axd Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
TRACE/TRACK Method Detected
TRACE/TRACK Method Detected
CAPEC-107
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Travis CI Configuration File Detected
Travis CI Configuration File Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
UNC Server and Share Disclosure
UNC Server and Share Disclosure
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Unsafe value for session tracking in WEB-INF/web.xml
Unsafe value for session tracking in WEB-INF/web.xml
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Unsupported Hash Detected in Content Security Policy (CSP)
Unsupported Hash Detected in Content Security Policy (CSP)
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
ViewState is not Encrypted
ViewState is not Encrypted
CWE-16
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
ViewState MAC Disabled
ViewState MAC Disabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-15
, 
Medium
WebDAV Enabled
WebDAV Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.9.4.4
, 
WASC-15
, 
Information