Web Application Vulnerabilities Index

This page lists vulnerabilities categorized as Low severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Apache Multiple Choices Enabled
Apache Multiple Choices Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Apache MultiViews Enabled
Apache MultiViews Enabled
CWE-16
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
ASP.NET ViewStateUserKey Is Not Set
ASP.NET ViewStateUserKey Is Not Set
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Autocomplete is Enabled
Autocomplete is Enabled
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
AWS Dockerrun Configuration File Detected
AWS Dockerrun Configuration File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Backup File Disclosure
Backup File Disclosure
CAPEC-87
, 
CWE-530
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Low
Cookie Not Marked as HttpOnly
Cookie Not Marked as HttpOnly
CAPEC-107
, 
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Cookie Not Marked as Secure
Cookie Not Marked as Secure
CAPEC-102
, 
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-614
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.10
, 
WASC-15
, 
Low
Cookie Values Used in Anti-CSRF Token
Cookie Values Used in Anti-CSRF Token
CWE-352
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Cross-site Request Forgery
Cross-site Request Forgery
CAPEC-62
, 
CWE-352
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A8
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.9
, 
WASC-9
, 
Low
Cross-site Request Forgery in Login Form
Cross-site Request Forgery in Login Form
CAPEC-62
, 
CWE-352
, 
HIPAA-164.306(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A8
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.9
, 
WASC-9
, 
Low
Database Error Message Disclosure
Database Error Message Disclosure
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Database Name Disclosure (Microsoft SQL Server)
Database Name Disclosure (Microsoft SQL Server)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Database Name Disclosure (MySQL)
Database Name Disclosure (MySQL)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Django Debug Mode Enabled
Django Debug Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Docker Cloud Stack File Detected
Docker Cloud Stack File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Docker Compose File Detected
Docker Compose File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Dockerfile Detected
Dockerfile Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
.dockerignore File Detected
.dockerignore File Detected
CAPEC-118
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
, 
CWE-527
, 
ISO27001-A9.4.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
.DS_Store File Found
.DS_Store File Found
CWE-284
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Low
Exception Report Disclosure (Tomcat)
Exception Report Disclosure (Tomcat)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Form Hijacking
Form Hijacking
CWE-20
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Low
Information Disclosure (Microsoft Office)
Information Disclosure (Microsoft Office)
CAPEC-118
, 
CWE-200
, 
ISO27001-A.18.1.3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Insecure Frame (External)
Insecure Frame (External)
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Insecure JSONP Endpoint
Insecure JSONP Endpoint
CWE-20
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A1
, 
WASC-15
, 
Low
Insecure Reflected Content
Insecure Reflected Content
CWE-16
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A1
, 
WASC-15
, 
Low
Insecure Transportation Security Protocol Supported (TLS 1.1)
Insecure Transportation Security Protocol Supported (TLS 1.1)
CAPEC-217
, 
CWE-326
, 
HIPAA-164.306
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.4
, 
WASC-4
, 
Low
Internal IP Address Disclosure
Internal IP Address Disclosure
CWE-200
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Internal Server Error
Internal Server Error
CWE-550
, 
ISO27001-A.14.1.2
, 
WASC-13
, 
Low
Laravel Debug Mode Enabled
Laravel Debug Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Laravel Environment Configuration File Detected
Laravel Environment Configuration File Detected
CWE-285
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Microsoft IIS Log File Detected
Microsoft IIS Log File Detected
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-34
, 
Low
Microsoft Outlook Personal Folders File (.pst) Found
Microsoft Outlook Personal Folders File (.pst) Found
CWE-284
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
PCI v3.2-6.5.8
, 
WASC-2
, 
Low
Misconfigured Access-Control-Allow-Origin Header
Misconfigured Access-Control-Allow-Origin Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.8
, 
WASC-15
, 
Low
Misconfigured Frame
Misconfigured Frame
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Misconfigured X-Frame-Options Header
Misconfigured X-Frame-Options Header
CAPEC-103
, 
CWE-693
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Missing Content-Type Header
Missing Content-Type Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.7
, 
WASC-15
, 
Low
Missing X-Content-Type-Options Header
Missing X-Content-Type-Options Header
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
Missing X-Frame-Options Header
Missing X-Frame-Options Header
CAPEC-103
, 
CWE-693
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Multiple Declarations in X-Frame-Options Header
Multiple Declarations in X-Frame-Options Header
CAPEC-103
, 
CWE-693
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Open Redirection in POST method
Open Redirection in POST method
CWE-601
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A10
, 
OWASP 2017-A5
, 
WASC-38
, 
Low
Out-of-date Component ({applicationName})
Out-of-date Component ({applicationName})
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low
Passive Mixed Content over HTTPS
Passive Mixed Content over HTTPS
CWE-319
, 
ISO27001-A.14.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
Low
Passive Web Backdoor Detected
Passive Web Backdoor Detected
CWE-507
, 
HIPAA-164.308(a)
, 
ISO27001-A.12.2.1
, 
OWASP 2017-A10
, 
PCI v3.2-6.5.6
, 
Low
Phishing by Navigating Browser Tabs
Phishing by Navigating Browser Tabs
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
PHP allow_url_fopen Is Enabled
PHP allow_url_fopen Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
PHP allow_url_include Is Enabled
PHP allow_url_include Is Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
PHP display_errors Is Enabled
PHP display_errors Is Enabled
CWE-211
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
phpinfo() Output Detected
phpinfo() Output Detected
CWE-213
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
WASC-13
, 
Low
PHP open_basedir Is Not Configured
PHP open_basedir Is Not Configured
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Programming Error Message
Programming Error Message
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Programming Error Message (Ruby)
Programming Error Message (Ruby)
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Reflected File Download
Reflected File Download
CAPEC-375
, 
CWE-840
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
PCI v3.2-6.5.1
, 
WASC-42
, 
Low
RoR Database Configuration File Detected
RoR Database Configuration File Detected
CWE-285
, 
ISO27001-A.9.4.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-15
, 
Low
RoR Development Mode Enabled
RoR Development Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.14.1.1
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Sensitive Pages Could Be Cached
Sensitive Pages Could Be Cached
CWE-525
, 
Low
Social Security Number Disclosure
Social Security Number Disclosure
CAPEC-118
, 
CWE-213
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A6
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.3
, 
WASC-13
, 
Low
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (Apache MyFaces)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (Apache Shiro)
Stack Trace Disclosure (Apache Shiro)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (ASP.NET)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (CakePHP Framework)
Stack Trace Disclosure (CakePHP Framework)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (CherryPy)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (Grails)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (GraphQL)
Stack Trace Disclosure (GraphQL)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (Node.js)
Stack Trace Disclosure (Node.js)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Stack Trace Disclosure (PHP)
Stack Trace Disclosure (PHP)
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.9.2.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Struts2 Development Mode Enabled
Struts2 Development Mode Enabled
CAPEC-214
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.5
, 
WASC-14
, 
Low
Subresource Integrity (SRI) Hash Invalid
Subresource Integrity (SRI) Hash Invalid
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
Low
TRACE/TRACK Method Detected
TRACE/TRACK Method Detected
CAPEC-107
, 
CWE-16
, 
ISO27001-A.14.1.2
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-14
, 
Low
Unexpected Redirect Response Body (Two Responses)
Unexpected Redirect Response Body (Two Responses)
CWE-698
, 
ISO27001-A.14.2.5
, 
WASC-25
, 
Low
User Controllable Cookie
User Controllable Cookie
CWE-20
, 
ISO27001-A.14.2.5
, 
WASC-20
, 
Low
Username Disclosure (Microsoft SQL Server)
Username Disclosure (Microsoft SQL Server)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Username Disclosure (MySQL)
Username Disclosure (MySQL)
CAPEC-118
, 
CWE-201
, 
HIPAA-164.306(a)
, 
ISO27001-A.18.1.4
, 
OWASP 2013-A5
, 
OWASP 2017-A3
, 
PCI v3.2-6.5.5
, 
WASC-13
, 
Low
Version Disclosure (AbanteCart)
Version Disclosure (AbanteCart)
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.18.1.3
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
WASC-13
, 
Low