Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as ISO27001-A.14.1.3 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Active Mixed Content over HTTPS
Active Mixed Content over HTTPS
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Medium
Anonymous Ciphers Supported
Anonymous Ciphers Supported
CAPEC-117
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
, 
CWE-311
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Basic Authorization over HTTP
Basic Authorization over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Critical Form Send to HTTP
Critical Form Send to HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Critical Form Served over HTTP
Critical Form Served over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Insecure HTTP Usage
Insecure HTTP Usage
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-4
, 
Medium
Insecure Transportation Security Protocol Supported (SSLv2)
Insecure Transportation Security Protocol Supported (SSLv2)
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (SSLv3)
Insecure Transportation Security Protocol Supported (SSLv3)
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
Insecure Transportation Security Protocol Supported (TLS 1.0)
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
Insecure Transportation Security Protocol Supported (TLS 1.1)
Insecure Transportation Security Protocol Supported (TLS 1.1)
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Low
Invalid SSL Certificate
Invalid SSL Certificate
CAPEC-459
, 
CWE-295
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Passive Mixed Content over HTTPS
Passive Mixed Content over HTTPS
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Password Transmitted over HTTP
Password Transmitted over HTTP
CAPEC-65
, 
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
, 
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
ROBOT Attack Detected (Strong Oracle)
ROBOT Attack Detected (Strong Oracle)
CAPEC-217
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
ROBOT Attack Detected (Weak Oracle)
ROBOT Attack Detected (Weak Oracle)
CAPEC-217
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
High
SSL/TLS Not Implemented
SSL/TLS Not Implemented
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-311
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Weak Ciphers Enabled
Weak Ciphers Enabled
CAPEC-217
, 
CWE-327
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Web Cache Deception
Web Cache Deception
CAPEC-CAPEC
, 
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-2.2.3
, 
WASC-6
, 
Critical