Vulnerability Name
Classifications
Severity
Active Mixed Content over HTTPS
CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Medium
Anonymous Ciphers Supported
PCI v3.2-6.5.4, CAPEC-117, CWE-311, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Medium
Apache Server-Info Detected
CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Medium
Apache Server-Status Detected
CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Medium
ASP.NET Cookieless Authentication Is Enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6
Medium
ASP.NET Cookieless Session State Is Enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6
Medium
ASP.NET CustomErrors Is Disabled
CWE-16, OWASP 2013-A6, OWASP 2017-A3
Medium
ASP.NET: Failure To Require SSL For Authentication Cookies
CWE-16, OWASP 2017-A6
Medium
ASP.NET Login Credentials Stored In Plain Text
CWE-312, OWASP 2013-A6, OWASP 2017-A3
Medium
ASP.NET ValidateRequest Is Globally Disabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6
Medium
Axis Development Mode Enabled in WEB-INF/server-config.wsdd
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Base Tag Hijacking
PCI v3.2-6.5.7, CAPEC-19, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Medium
BREACH Attack Detected
CWE-310, OWASP 2013-A9, OWASP 2017-A9, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Medium
Critical Form Send to HTTP
PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium
Critical Form Served over HTTP
PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium
Custom Error Pages Are Not Configured in WEB-INF/web.xml
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
CVS Detected
CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Expired SSL Certificate
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Medium
Express Development Mode Is Enabled
CWE-200, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Express express-session Weak Secret Key Detected
CWE-200, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Frame Injection
PCI v3.2-6.5.1, CWE-601, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-38, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Medium
GIT Detected
CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
HTTP Header Injection
PCI v3.2-6.5.1, CAPEC-105, CWE-93, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Medium
HTTP Header Injection (IAST)
PCI v3.2-6.5.1, CAPEC-105, CWE-93, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Medium
HTTP Parameter Pollution [deprecated]
CWE-88, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Medium
HTTP Strict Transport Security (HSTS) Errors and Warnings
CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6
Medium
HTTP Strict Transport Security (HSTS) Policy Not Enabled
CAPEC-217, CWE-523, ISO27001-A.14.1.2, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Medium
Insecure HTTP Usage
CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium
Insecure Transportation Security Protocol Supported (SSLv3)
PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Medium
Invalid SSL Certificate
PCI v3.2-6.5.4, CAPEC-459, CWE-295, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Medium
Java Verb Tampering Via Misconfigured Security Constraint
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
JavaMelody Interface Detected
CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6
Medium
Microsoft Access Database File Detected
PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium
Node.js Web Application does not handle uncaughtException
CWE-248, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Node.js Web Application does not handle unhandledRejection
CWE-248, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Open Policy Crossdomain.xml Detected
CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
Medium
Open Redirection
CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Medium
Open Redirection (DOM based)
CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Medium
Open Silverlight Client Access Policy
CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
Medium
Overly Long Session Timeout
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Password Transmitted over Query String
PCI v3.2-6.5.4, CWE-598, ISO27001-A.14.2.5, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Medium
PHP enable_dl Is Enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Medium
PHP magic_quotes_gpc Is Disabled [deprecated]
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Medium
PHP register_globals Is Enabled
CWE-473, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
PHP session.use_only_cookies Is Disabled
CWE-598, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Medium
PHP session.use_trans_sid Is Enabled
CWE-598, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Medium
Revoked SSL Certificate
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Medium
RSA Private Key Detected
CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Medium
Sensitive Data Exposure
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Amazon AWS Access Key Id
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Amazon AWS Secret Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Amazon MWS Auth Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Amazon SES SMTP Password
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Consul Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Database Connection String – MongoDB – MySQL
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Database Connection String – PostgreSQL
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Devise Secret Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Facebook Access Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Facebook App ID
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Facebook App Secret
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Gitlab Personal Access Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Google Cloud API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Google OAuth Access Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Heroku API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – JDBC Database Connection String
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – LinkedIn API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – MailChimp API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – MailGun API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Mapbox Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Nexmo Secret
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – NPM Access Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – NuGet API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Omise Secret Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Paypal Access Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Picatic API key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – SendGrid API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Sentry Auth Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Slack Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Slack v1.x Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Slack Webhook
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – SonarQube User Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Square OAuth Secret
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Square Personal Access Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – SSH Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Stripe API key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Symfony Application Secret
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Teams Webhook
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Telegram Bot API Token
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Twilio API Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Twitter Access Token Secret
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – Twitter API Secret Key
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Sensitive Data Exposure – WordPress Authentication Key/Salt
PCI v3.2-6.5.6, CAPEC-37, CWE-200, ISO27001-A.8.2.1, WASC-WASC-13, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
Server-Side Request Forgery
CWE-918, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Server-Side Request Forgery (Time Based)
CWE-918, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (ASP.NET)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (ColdFusion)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Generic)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Java)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Java Servlet)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (JSP)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Perl)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (PHP)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Python)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Ruby)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Source Code Disclosure (Tomcat)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Spring Boot Actuator Endpoint Detected
CWE-489, OWASP 2013-A5, OWASP 2017-A6
Medium
Spring Boot Misconfiguration: Actuator endpoint security disabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: Admin MBean enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: Developer tools enabled on production
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: H2 console enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: Overly long session timeout
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Boot Misconfiguration: Unsafe value for session tracking
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Spring Misconfiguration: HTML Escaping disabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
SQLite Database File Found
PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Medium
SSL Certificate Is About To Expire
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Medium
SSL Certificate Name Hostname Mismatch
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Medium
SSL Untrusted Root Certificate
CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Medium
SSL/TLS Not Implemented
PCI v3.2-6.5.4, CAPEC-217, CWE-311, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Medium
Stack Trace Disclosure (ColdFusion)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Medium
Stack Trace Disclosure (Django)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Stack Trace Disclosure (Java)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Stack Trace Disclosure (Laravel)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Medium
Stack Trace Disclosure (Python)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Stack Trace Disclosure (RoR)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Stack Trace Disclosure (Ruby-Sinatra Framework)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Struts 2 Config Browser plugin enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Struts 2 Development Mode Enabled
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Sublime SFTP Config File Detected
CWE-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Medium
Unicode Transformation (Best-Fit Mapping)
CWE-20, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Medium
Unsafe value for session tracking in WEB-INF/web.xml
CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
ViewState MAC Disabled
CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Medium
Weak Ciphers Enabled
PCI v3.2-6.5.4, CAPEC-217, CWE-327, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Medium
WordPress Setup Configuration File
PCI v3.2-6.5.8, CAPEC-212, CWE-665, HIPAA-164.312(a)(1), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/CR:H/IR:H/AR:H/MAV:N/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N
Medium
ZSH History File Detected
PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium