This page lists all vulnerabilities that can be detected by Invicti.
Vulnerability Name | Classifications | Severity |
---|---|---|
Code Evaluation (Apache Struts S02-53) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-045 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-046 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Apache Struts 2) | PCI v3.2-6.5.1; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Apache Struts 2) S2-053 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Server-Side Request Forgery (Apache Server Status) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
Apache Server-Info Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Apache Server-Status Detected | CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Medium |
Apache Multiple Choices Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Apache MultiViews Enabled | CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Stack Trace Disclosure (Apache MyFaces) | PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.2.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache Coyote) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache Module) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | Low |
Version Disclosure (Apache) | CAPEC-170; CWE-205; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP PC-N/A; OWASP 2013-A5; OWASP 2017-A6 | Low |
Apache Web Server Identified | CWE-205; ISO27001-A.14.2.5; WASC-13; OWASP PC-C7; OWASP 2017-A6 | Information |
Default Page Detected (Apache) | CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP PC-C7 | Information |
Directory Listing (Apache) | CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 | Information |
Out-of-date Version (Apache) | PCI v3.2-6.2; CAPEC-310; CWE-1035, 937; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9 | Information |