Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as CWE-200 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
CDN Detected (Airee)
CDN Detected (Airee)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Akamai)
CDN Detected (Akamai)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Arvan Cloud)
CDN Detected (Arvan Cloud)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Azure CDN)
CDN Detected (Azure CDN)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (CDN77)
CDN Detected (CDN77)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Fastly)
CDN Detected (Fastly)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Fireblade)
CDN Detected (Fireblade)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Google Cloud CDN)
CDN Detected (Google Cloud CDN)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Incapsula)
CDN Detected (Incapsula)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Instart)
CDN Detected (Instart)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (JsDelivr)
CDN Detected (JsDelivr)
CAPEC-224
, 
CWE-200
, 
WASC-45
, 
Information
CDN Detected (KeyCDN)
CDN Detected (KeyCDN)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (MaxCDN)
CDN Detected (MaxCDN)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Netlify)
CDN Detected (Netlify)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (PowerCDN)
CDN Detected (PowerCDN)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Qrator)
CDN Detected (Qrator)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (StackPath)
CDN Detected (StackPath)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (Sucuri)
CDN Detected (Sucuri)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
CDN Detected (West263)
CDN Detected (West263)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy
Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy
CWE-200
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy
Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Default Page Detected (Apache)
Default Page Detected (Apache)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (CakePHP Framework)
Default Page Detected (CakePHP Framework)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 10.0)
Default Page Detected (IIS 10.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 6)
Default Page Detected (IIS 6)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7)
Default Page Detected (IIS 7)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7.5)
Default Page Detected (IIS 7.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 7.X)
Default Page Detected (IIS 7.X)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 8)
Default Page Detected (IIS 8)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (IIS 8.5)
Default Page Detected (IIS 8.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Default Page Detected (Tomcat)
Default Page Detected (Tomcat)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
Information
Email Address Disclosure
Email Address Disclosure
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-200
, 
ISO27001-A.9.4.1
, 
WASC-13
, 
Information
Express Development Mode Is Enabled
Express Development Mode Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Express express-session Weak Secret Key Detected
Express express-session Weak Secret Key Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-200
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Generic Email Address Disclosure
Generic Email Address Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Information
Information Disclosure (Microsoft Office)
Information Disclosure (Microsoft Office)
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Internal IP Address Disclosure
Internal IP Address Disclosure
CWE-200
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Internal Path Disclosure (*nix)
Internal Path Disclosure (*nix)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.1
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Internal Path Disclosure (Windows)
Internal Path Disclosure (Windows)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.8.1.1
, 
WASC-13
, 
Information
JBoss Web Console JMX Invoker
JBoss Web Console JMX Invoker
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-200
, 
High
Json Web Key Set Disclosure
Json Web Key Set Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Information
OpenSearch.xml Detected
OpenSearch.xml Detected
CWE-200
, 
ISO27001-A.18.1.3
, 
Information
Private Json Web Key Set Disclosure
Private Json Web Key Set Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.4
, 
WASC-13
, 
Critical
Referrer-Policy Needs Proper Fallback
Referrer-Policy Needs Proper Fallback
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A6
, 
Information
Referrer-Policy Not Implemented
Referrer-Policy Not Implemented
CWE-200
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Best Practice
Reverse Proxy Detected (Apache Traffic Server)
Reverse Proxy Detected (Apache Traffic Server)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (Citrix Netscaler)
Reverse Proxy Detected (Citrix Netscaler)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (Envoy)
Reverse Proxy Detected (Envoy)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (F5 BIG-IP)
Reverse Proxy Detected (F5 BIG-IP)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (HAProxy)
Reverse Proxy Detected (HAProxy)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
Reverse Proxy Detected (Skipper)
Reverse Proxy Detected (Skipper)
CAPEC-224
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
WASC-45
, 
Information
RSA Private Key Detected
RSA Private Key Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Sensitive Data Exposure
Sensitive Data Exposure
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon AWS Access Key Id
Sensitive Data Exposure - Amazon AWS Access Key Id
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon AWS Secret Key
Sensitive Data Exposure - Amazon AWS Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon MWS Auth Token
Sensitive Data Exposure - Amazon MWS Auth Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Amazon SES SMTP Password
Sensitive Data Exposure - Amazon SES SMTP Password
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Consul Token
Sensitive Data Exposure - Consul Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Database Connection String - MongoDB - MySQL
Sensitive Data Exposure - Database Connection String - MongoDB - MySQL
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Database Connection String - PostgreSQL
Sensitive Data Exposure - Database Connection String - PostgreSQL
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Devise Secret Key
Sensitive Data Exposure - Devise Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Facebook Access Token
Sensitive Data Exposure - Facebook Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Facebook App ID
Sensitive Data Exposure - Facebook App ID
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Facebook App Secret
Sensitive Data Exposure - Facebook App Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Gitlab Personal Access Token
Sensitive Data Exposure - Gitlab Personal Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Google Cloud API Key
Sensitive Data Exposure - Google Cloud API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Google OAuth Access Token
Sensitive Data Exposure - Google OAuth Access Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Heroku API Key
Sensitive Data Exposure - Heroku API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - JDBC Database Connection String
Sensitive Data Exposure - JDBC Database Connection String
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Jenkins Secret
Sensitive Data Exposure - Jenkins Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium