Vulnerabilities Archive | Page 5 of 22

Vulnerability Name	Classifications	Severity
Spring Misconfiguration: HTML Escaping disabled	CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N	Medium
SQLite Database File Found	PCI v3.2-6.5.8, CWE-285, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N	Medium
SSL Certificate Is About To Expire	CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	Medium
SSL Certificate Name Hostname Mismatch	CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	Medium
SSL Untrusted Root Certificate	CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	Medium
SSL/TLS Not Implemented	PCI v3.2-6.5.4, CAPEC-217, CWE-311, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C	Medium
Stack Trace Disclosure (ColdFusion)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C	Medium
Stack Trace Disclosure (Django)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Medium
Stack Trace Disclosure (Java)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Medium
Stack Trace Disclosure (Laravel)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C	Medium
Stack Trace Disclosure (Python)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Medium
Stack Trace Disclosure (RoR)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Medium
Stack Trace Disclosure (Ruby-Sinatra Framework)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Medium
Struts 2 Config Browser plugin enabled	CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N	Medium
Struts 2 Development Mode Enabled	CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N	Medium
Sublime SFTP Config File Detected	CWE-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	Medium
TLS/SSL Certificate Key Size Too Small	CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	Medium
Unicode Transformation (Best-Fit Mapping)	CWE-20, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	Medium
Unsafe value for session tracking in WEB-INF/web.xml	CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N	Medium
ViewState MAC Disabled	CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N	Medium
Weak Ciphers Enabled	PCI v3.2-6.5.4, CAPEC-217, CWE-327, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N	Medium
WordPress Setup Configuration File	PCI v3.2-6.5.8, CAPEC-212, CWE-665, HIPAA-164.312(a)(1), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/CR:H/IR:H/AR:H/MAV:N/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N	Medium
ZSH History File Detected	PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Medium
.dockerignore File Detected	CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N	Low
.DS_Store File Found	PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5	Low
(Deprecated) Version Disclosure (mod_ssl)	CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6	Low
{{vulnName}}		Low
Apache Multiple Choices Enabled	CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6	Low
Apache MultiViews Enabled	CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6	Low
ASP.NET ViewStateUserKey Is Not Set	CWE-16, OWASP 2013-A5, OWASP 2017-A6	Low
Autocomplete is Enabled	CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
AWS Dockerrun Configuration File Detected	CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N	Low
Backup File Disclosure	PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5	Low
Cookie Not Marked as HttpOnly	CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
Cookie Not Marked as Secure	PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N	Low
Cookie Values Used in Anti-CSRF Token	CWE-352, HIPAA-164.306(a), ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6	Low
Cross-site Request Forgery	PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5	Low
Cross-site Request Forgery in Login Form	PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5	Low
Database Error Message Disclosure	PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6	Low
Database Name Disclosure (Microsoft SQL Server)	PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6	Low
Database Name Disclosure (MySQL)	PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6	Low
Django Debug Mode Enabled	PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6	Low
Docker Cloud Stack File Detected	CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N	Low
Docker Compose File Detected	CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N	Low
Dockerfile Detected	CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N	Low
Exception Report Disclosure (Tomcat)	PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6	Low
Form Hijacking	CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1	Low
Information Disclosure (Microsoft Office)	PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13	Low
Information Disclosure (phpinfo())	CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3	Low
Insecure Frame (External)	CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6	Low
Insecure JSONP Endpoint	CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1	Low
Insecure Reflected Content	CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1	Low
Internal IP Address Disclosure	CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3	Low
Internal Server Error	CWE-550, ISO27001-A.14.1.2, WASC-13	Low
Laravel Debug Mode Enabled	PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6	Low
Laravel Environment Configuration File Detected	CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
Microsoft IIS Log File Detected	PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5	Low
Microsoft Outlook Personal Folders File (.pst) Found	PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5	Low
Misconfigured Access-Control-Allow-Origin Header	PCI v3.2-6.5.8, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
Misconfigured Frame	CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6	Low
Misconfigured X-Frame-Options Header	CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6	Low
Missing Content-Type Header	PCI v3.2-6.5.7, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
Missing X-Content-Type-Options Header	CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
Missing X-Frame-Options Header	CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6	Low
Multiple Declarations in X-Frame-Options Header	CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6	Low
Open Redirection in POST method	CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5	Low
Out-of-date Component ({applicationName})	CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6	Low
Passive Mixed Content over HTTPS	CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3	Low
Passive Web Backdoor Detected	PCI v3.2-6.5.6, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10	Low
Phishing by Navigating Browser Tabs	CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6	Low
PHP allow_url_fopen Is Enabled	CWE-16, OWASP 2013-A5, OWASP 2017-A6	Low
PHP allow_url_include Is Enabled	CWE-16, OWASP 2013-A5, OWASP 2017-A6	Low
PHP display_errors Is Enabled	CWE-211, OWASP 2013-A5, OWASP 2017-A6	Low
PHP open_basedir Is Not Configured	CWE-16, OWASP 2013-A5, OWASP 2017-A6	Low
phpinfo() Output Detected	CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3	Low

Spring Misconfiguration: HTML Escaping disabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Medium

SQLite Database File Found

PCI v3.2-6.5.8, CWE-285, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Medium

SSL Certificate Is About To Expire

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

SSL Certificate Name Hostname Mismatch

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

SSL Untrusted Root Certificate

CWE-295, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Medium

SSL/TLS Not Implemented

PCI v3.2-6.5.4, CAPEC-217, CWE-311, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Medium

Stack Trace Disclosure (ColdFusion)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Medium

Stack Trace Disclosure (Django)