Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as OWASP 2017-A3 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Sensitive Data Exposure - Teams Webhook
Sensitive Data Exposure - Teams Webhook
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Telegram Bot API Token
Sensitive Data Exposure - Telegram Bot API Token
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twilio API Key
Sensitive Data Exposure - Twilio API Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twitter Access Token Secret
Sensitive Data Exposure - Twitter Access Token Secret
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - Twitter API Secret Key
Sensitive Data Exposure - Twitter API Secret Key
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Sensitive Data Exposure - WordPress Authentication Key/Salt
Sensitive Data Exposure - WordPress Authentication Key/Salt
CAPEC-37
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-200
, 
ISO27001-A.8.2.1
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.6
, 
WASC-WASC-13
, 
Medium
Session Cookie Not Marked as Secure
Session Cookie Not Marked as Secure
CAPEC-102
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-614
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.10
, 
WASC-15
, 
Medium
Social Security Number Disclosure
Social Security Number Disclosure
CAPEC-118
, 
CWE-213
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.3
, 
WASC-13
, 
Low
Source Code Disclosure (ASP.NET)
Source Code Disclosure (ASP.NET)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (ColdFusion)
Source Code Disclosure (ColdFusion)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Generic)
Source Code Disclosure (Generic)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Java)
Source Code Disclosure (Java)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Java Servlet)
Source Code Disclosure (Java Servlet)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (JSP)
Source Code Disclosure (JSP)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Perl)
Source Code Disclosure (Perl)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (PHP)
Source Code Disclosure (PHP)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Python)
Source Code Disclosure (Python)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Ruby)
Source Code Disclosure (Ruby)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
Source Code Disclosure (Tomcat)
Source Code Disclosure (Tomcat)
CAPEC-118
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-540
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
WASC-13
, 
Medium
SQLite Database File Found
SQLite Database File Found
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-285
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Medium
SSL Certificate Is About To Expire
SSL Certificate Is About To Expire
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
SSL Certificate Name Hostname Mismatch
SSL Certificate Name Hostname Mismatch
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
SSL/TLS Not Implemented
SSL/TLS Not Implemented
CAPEC-217
, 
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
, 
CWE-311
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
SSL Untrusted Root Certificate
SSL Untrusted Root Certificate
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
TLS/SSL Certificate Key Size Too Small
TLS/SSL Certificate Key Size Too Small
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
, 
CWE-295
, 
OWASP 2017-A3
, 
Medium
Username Disclosure (Microsoft SQL Server)
Username Disclosure (Microsoft SQL Server)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Username Disclosure (MySQL)
Username Disclosure (MySQL)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Weak Basic Authentication Credentials
Weak Basic Authentication Credentials
CAPEC-16
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-521
, 
ISO27001-A.9.4.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.10
, 
WASC-15
, 
High
Weak Ciphers Enabled
Weak Ciphers Enabled
CAPEC-217
, 
CWE-327
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Medium
Windows Username Disclosure
Windows Username Disclosure
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
ZSH History File Detected
ZSH History File Detected
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-284
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Medium