This page lists all vulnerabilities that can be detected by Invicti.
Vulnerability Name | Classifications | Severity |
---|---|---|
.DS_Store File Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A5 | Low |
Apache Multiple Choices Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Apache MultiViews Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
ASP.NET ViewStateUserKey Is Not Set | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
Autocomplete is Enabled | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Backup File Disclosure | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Low |
Cookie Not Marked as HttpOnly | CAPEC-107; CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Cookie Not Marked as Secure | PCI v3.2-6.5.10; CAPEC-102; CWE-614; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | Low |
Cookie Values Used in Anti-CSRF Token | CWE-352; HIPAA-164.306(a); ISO27001-A.14.1.2; OWASP 2013-A5; OWASP 2017-A6 | Low |
Cross-site Request Forgery | PCI v3.2-6.5.9; CAPEC-62; CWE-352; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-9; OWASP 2013-A8; OWASP 2017-A5 | Low |
Cross-site Request Forgery in Login Form | PCI v3.2-6.5.9; CAPEC-62; CWE-352; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-9; OWASP 2013-A8; OWASP 2017-A5 | Low |
Database Error Message Disclosure | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Database Name Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Database Name Disclosure (MySQL) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Django Debug Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Exception Report Disclosure (Tomcat) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Form Hijacking | CWE-20; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Low |
Information Disclosure (Microsoft Office) | PCI v3.2-6.5.5; CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13 | Low |
Insecure Frame (External) | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2017-A6 | Low |
Insecure JSONP Endpoint | CWE-20; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A1 | Low |
Insecure Reflected Content | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A1 | Low |
Insecure Transportation Security Protocol Supported (TLS 1.0) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Low |
Internal IP Address Disclosure | CWE-200; ISO27001-A.18.1.4; OWASP 2013-A6; OWASP 2017-A3 | Low |
Internal Server Error | CWE-550; ISO27001-A.14.1.2; WASC-13 | Low |
Laravel Debug Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Laravel Environment Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Microsoft IIS Log File Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | Low |
Microsoft Outlook Personal Folders File (.pst) Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A5 | Low |
Misconfigured Access-Control-Allow-Origin Header | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Misconfigured Frame | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2017-A6 | Low |
Misconfigured X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
Missing Content-Type Header | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
Missing X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
Multiple Declarations in X-Frame-Options Header | CAPEC-103; CWE-693; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | Low |
Open Redirection in POST method | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10; OWASP 2017-A5 | Low |
Out-of-date Component ({applicationName}) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Passive Mixed Content over HTTPS | CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 | Low |
Passive Web Backdoor Detected | PCI v3.2-6.5.6; CWE-507; HIPAA-164.308(a); ISO27001-A.12.2.1; OWASP 2017-A10 | Low |
Phishing by Navigating Browser Tabs | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP allow_url_fopen Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP allow_url_include Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP display_errors Is Enabled | CWE-211; OWASP 2013-A5; OWASP 2017-A6 | Low |
PHP open_basedir Is Not Configured | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Low |
phpinfo() Output Detected | CAPEC-346; CWE-213; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
Programming Error Message | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Programming Error Message (Ruby) | PCI v3.2-6.5.5; CAPEC-118; CWE-210; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Reflected File Download | PCI v3.2-6.5.1; CAPEC-375; CWE-840; ISO27001-A.14.2.5; WASC-42; OWASP 2013-A1; OWASP 2017-A1 | Low |
RoR Database Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
RoR Development Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.14.1.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Social Security Number Disclosure | PCI v3.2-6.5.3; CAPEC-118; CWE-213; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
Stack Trace Disclosure (Apache MyFaces) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (ASP.NET) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (CakePHP Framework) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (CherryPy) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (Grails) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Struts2 Development Mode Enabled | PCI v3.2-6.5.5; CAPEC-214; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Subresource Integrity (SRI) Hash Invalid | CWE-16; ISO27001-A.14.2.5; WASC-15 | Low |
TRACE/TRACK Method Detected | CAPEC-107; CWE-16; ISO27001-A.14.1.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Unexpected Redirect Response Body (Two Responses) | CWE-698; ISO27001-A.14.2.5; WASC-25 | Low |
User Controllable Cookie | CWE-20; ISO27001-A.14.2.5; WASC-20 | Low |
Username Disclosure (Microsoft SQL Server) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.4; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Low |
Username Disclosure (MySQL) | PCI v3.2-6.5.5; CAPEC-118; CWE-201; HIPAA-164.306(a); ISO27001-A.18.1.4; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Low |
Version Disclosure (Apache Coyote) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache Module) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache Traffic Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Artifactory DevOps Solution) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (ASP.NET MVC) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (ASP.NET) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Atlassian Confluence) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Atlassian Jira) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Atlassian Proxy) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Axway SecureTransport Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (CakePHP Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Cherokee) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (CherryPy) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Cowboy HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Daiquiri) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Django) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (FrontPage) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (GlassFish) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Grafana) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Gunicorn Python WSGI HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Hiawatha) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IBM HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IBM Rational Team Concert (RTC)) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IBM Security Access Manager (WebSEAL)) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (IIS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Java Servlet) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Java) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (JBoss) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Jenkins) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Jetty) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Jolokia) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (JSP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Kong) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Liferay Digital Experience Platform) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Liferay Portal) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Lighttpd) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (mod_ssl) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Mongrel Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Next.js React Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Nexus Repository OSS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Nginx) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (NuSOAP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (OpenResty) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (OpenSSL) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Oracle) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Perl) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (PHP) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (phpMyAdmin) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Phusion Passenger) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Plone CMS) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Python WSGIserver) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Python) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Resin Application Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Restlet Framework) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (RoR) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Ruby) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (RubyGems) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (SharePoint) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Squid) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Sugar CRM) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Taleo Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Telerik Web UI) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Tomcat) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Tornado) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Trac Software Project Management Tool) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Tracy Debugging Tool) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (TwistedWeb HTTP Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Undertow Web Server) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (W3 Total Cache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (WebLogic) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (WEBrick) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Werkzeug Python WSGI Library) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Zope) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
ViewState is not Encrypted | CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 | Low |
Windows Short Filename | PCI v3.2-6.5.8; CAPEC-87; CWE-538; HIPAA-164.306(a), 164.308(a); ISO27001-A.8.2.3; WASC-34; OWASP 2013-A7; OWASP 2017-A6 | Low |
Windows Username Disclosure | PCI v3.2-6.5.5; CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Low |
WP Engine Configuration File Detected | CWE-16; ISO27001-A.9.4.1; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |