This page lists all vulnerabilities that can be detected by Invicti.
Vulnerability Name | Classifications | Severity |
---|---|---|
Active Mixed Content over HTTPS | CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Anonymous Ciphers Supported | PCI v3.2-6.5.4; CAPEC-117; CWE-311; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Apache Server-Info Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Apache Server-Status Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET Cookieless Authentication Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET Cookieless Session State Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET CustomErrors Is Disabled | CWE-16; OWASP 2013-A6; OWASP 2017-A3 | Medium |
ASP.NET Login Credentials Stored In Plain Text | CWE-312; OWASP 2013-A6; OWASP 2017-A3 | Medium |
ASP.NET ValidateRequest Is Globally Disabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ASP.NET: Failure To Require SSL For Authentication Cookies | CWE-16; OWASP 2017-A6 | Medium |
Base Tag Hijacking | PCI v3.2-6.5.7; CAPEC-19; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | Medium |
BREACH Attack Detected | CWE-310; OWASP 2013-A9; OWASP 2017-A9 | Medium |
Critical Form Send to HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Critical Form Served over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
CVS Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Expired SSL Certificate | CWE-295; OWASP 2017-A3 | Medium |
Frame Injection | PCI v3.2-6.5.1; CWE-601; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-38; OWASP 2013-A1; OWASP 2017-A1 | Medium |
GIT Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Medium |
HTTP Header Injection | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
HTTP Header Injection (IAST) | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
HTTP Strict Transport Security (HSTS) Errors and Warnings | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217; CWE-523; ISO27001-A.14.1.2; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Insecure HTTP Usage | ISO27001-A.14.1.3; WASC-4; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Insecure Transportation Security Protocol Supported (SSLv3) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Invalid SSL Certificate | PCI v3.2-6.5.4; CAPEC-459; CWE-295; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Microsoft Access Database File Detected | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
Open Policy Crossdomain.xml Detected | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Open Redirection | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 | Medium |
Open Redirection (DOM based) | CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 | Medium |
Open Silverlight Client Access Policy | CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Password Transmitted over Query String | PCI v3.2-6.5.4; CWE-598; ISO27001-A.14.2.5; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Medium |
PHP enable_dl Is Enabled | CWE-16; OWASP 2013-A5; OWASP 2017-A6 | Medium |
PHP register_globals Is Enabled | CWE-473; OWASP 2013-A5; OWASP 2017-A6 | Medium |
PHP session.use_only_cookies Is Disabled | CWE-598; OWASP 2013-A5; OWASP 2017-A6 | Medium |
PHP session.use_trans_sid Is Enabled | CWE-598; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Revoked SSL Certificate | CWE-295; OWASP 2017-A3 | Medium |
RSA Private Key Detected | CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Server-Side Request Forgery | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
Server-Side Request Forgery (Time Based) | CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 | Medium |
Source Code Disclosure (ASP.NET) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (ColdFusion) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Generic) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Java Servlet) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Java) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (JSP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Perl) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (PHP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Python) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Ruby) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Tomcat) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
SQLite Database File Found | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |
SSL Certificate Is About To Expire | CWE-295; OWASP 2017-A3 | Medium |
SSL Certificate Name Hostname Mismatch | CWE-295; OWASP 2017-A3 | Medium |
SSL Untrusted Root Certificate | CWE-295; OWASP 2017-A3 | Medium |
SSL/TLS Not Implemented | PCI v3.2-6.5.4; CAPEC-217; CWE-311; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
Stack Trace Disclosure (ColdFusion) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Django) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Java) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Laravel) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Python) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (RoR) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Sublime SFTP Config File Detected | CWE-16; ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Unicode Transformation (Best-Fit Mapping) | CWE-20 | Medium |
ViewState MAC Disabled | CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 | Medium |
Weak Ciphers Enabled | PCI v3.2-6.5.4; CAPEC-217; CWE-327; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
WordPress Setup Configuration File | PCI v3.2-6.5.8; CAPEC-212; CWE-665; HIPAA-164.312(a)(1); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
ZSH History File Detected | PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 | Medium |