Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as OWASP 2017-A6 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
aah Go Server Identified
aah Go Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
AbanteCart Detected
AbanteCart Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
actionhero.js Identified
actionhero.js Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Adminer Detected
Adminer Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
AEM Detected
AEM Detected
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Ampache Detected
Ampache Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Angular Identified
Angular Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Angularjs Identified
Angularjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Coyote Identified
Apache Coyote Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Module Identified
Apache Module Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Multiple Choices Enabled
Apache Multiple Choices Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Apache MultiViews Enabled
Apache MultiViews Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Apache Server-Info Detected
Apache Server-Info Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Apache Server-Status Detected
Apache Server-Status Detected
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Medium
Apache Shiro Identified
Apache Shiro Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Traffic Server Identified
Apache Traffic Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Apache Web Server Identified
Apache Web Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Artifactory DevOps Solution Identified
Artifactory DevOps Solution Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ASP.NET Cookieless Authentication Is Enabled
ASP.NET Cookieless Authentication Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET Cookieless Session State Is Enabled
ASP.NET Cookieless Session State Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET Debugging Enabled
ASP.NET Debugging Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Information
ASP.NET: Failure To Require SSL For Authentication Cookies
ASP.NET: Failure To Require SSL For Authentication Cookies
CWE-16
, 
OWASP 2017-A6
, 
Medium
ASP.NET Identified
ASP.NET Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ASP.NET MVC Identified
ASP.NET MVC Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
AspNetSignalR Identified
AspNetSignalR Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ASP.NET Tracing Is Enabled
ASP.NET Tracing Is Enabled
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
, 
CWE-11
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
ASP.NET ValidateRequest Is Globally Disabled
ASP.NET ValidateRequest Is Globally Disabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
ASP.NET ViewStateUserKey Is Not Set
ASP.NET ViewStateUserKey Is Not Set
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Atlassian Confluence Identified
Atlassian Confluence Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Atlassian Jira Identified
Atlassian Jira Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Atlassian Proxy Identified
Atlassian Proxy Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ATutor Detected
ATutor Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Autocomplete Enabled (Password Field)
Autocomplete Enabled (Password Field)
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Autocomplete is Enabled
Autocomplete is Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
AWS Dockerrun Configuration File Detected
AWS Dockerrun Configuration File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
AWStats Detected
AWStats Detected
CAPEC-224
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-45
, 
Information
Axios Identified
Axios Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Axway Secure Transport Detected
Axway Secure Transport Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
Axway SecureTransport Server Identified
Axway SecureTransport Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
b2evolution Detected
b2evolution Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Backbonejs Identified
Backbonejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
BitNinja Captcha Server Identified
BitNinja Captcha Server Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Bluebird Identified
Bluebird Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Bomgar Remote Support Software Detected
Bomgar Remote Support Software Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Bootbox Identified
Bootbox Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Bootstrap3DateTimePicker Identified
Bootstrap3DateTimePicker Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Bootstrapjs Identified
Bootstrapjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
BootstrapSelect Identified
BootstrapSelect Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
BootstrapTable Identified
BootstrapTable Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
BootstrapToggle Identified
BootstrapToggle Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
BootstrapTypeahead Identified
BootstrapTypeahead Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Caddy Web Server Identified
Caddy Web Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
CakePHP Framework Identified
CakePHP Framework Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
CanvasJS Identified
CanvasJS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Cdnjs Identified
Cdnjs Identified
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Chamilo Detected
Chamilo Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Chartjs Identified
Chartjs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Cherokee Identified
Cherokee Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
CherryPy Identified
CherryPy Identified
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Ckeditor Identified
Ckeditor Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Claroline Detected
Claroline Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
ClipBucket Detected
ClipBucket Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Cloudflare Bot Management
Cloudflare Bot Management
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Cloudflare Browser Insights
Cloudflare Browser Insights
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Cloudflare Identified
Cloudflare Identified
CWE-205
, 
ISO27001-A14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Code Execution via WebDAV
Code Execution via WebDAV
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
CWE-94
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-17
, 
Critical
Collabtive Detected
Collabtive Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Concrete5 Detected
Concrete5 Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
contao Detected
contao Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
WASC-13
, 
Information
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information
Content Security Policy (CSP) Nonce Without Matching Script Block
Content Security Policy (CSP) Nonce Without Matching Script Block
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Information