Vulnerability Name Classifications Severity
Arbitrary File Creation Detected CWE-20, OWASP 2017-A5 High
Arbitrary File Deletion Detected CWE-20, OWASP 2017-A5 High
ASP.NET Tracing Is Enabled CWE-16, 11, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N High
Backup Source Code Detected PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N High
Basic Authorization over HTTP PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N High
Blind Cross-site Scripting PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
Certificate is Signed Using a Weak Signature Algorithm PCI v3.2-6.5.4, CAPEC-459, ISO27001-A.10, WASC-4, OWASP 2013-A6, OWASP 2017-A3 High
Cross-site Scripting PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N High
Cross-site Scripting (DOM based) PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N High
Cross-site Scripting via Remote File Inclusion PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
Database User Has Admin Privileges PCI v3.2-6.5.6, CWE-267, ISO27001-A.9.2.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H High
Elmah.axd / Errorlog.axd Detected PCI v3.2-6.5.6, CAPEC-347, CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C High
Expression Language Injection PCI v3.2-6.5.1, CWE-20, HIPAA-164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N High
F5 Big-IP Local File Inclusion (CVE-2020-5902) PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
Insecure Transportation Security Protocol Supported (SSLv2) PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C High
JWT Forgery via Chaining Jku Parameter with Open Redirect CWE-347, OWASP 2017-A2 High
JWT Forgery via Path Traversal CWE-22, OWASP 2017-A1 High
JWT Forgery via SQL Injection CWE-89, OWASP 2017-A1 High
JWT Forgery via unvalidated jku parameter CWE-22, OWASP 2017-A1 High
JWT Signature Bypass via None Algorithm CWE-347, OWASP 2017-A2 High
JWT Signature is not Verified CWE-347, OWASP 2017-A2 High
Local File Inclusion PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
Local File Inclusion (IAST) PCI v3.2-6.5.8, CAPEC-252, CWE-22, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
Oracle WebLogic Authentication Bypass (CVE-2020-14883) CWE-288, OWASP 2013-A2, OWASP 2017-A2, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H High
Out of Band XML External Entity Injection PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H High
Out-of-date Version (Microsoft SQL Server) PCI v3.2-6.2, CAPEC-310, CWE-937, 1035, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 High
Out-of-date Version (MySQL) PCI v3.2-6.2, CAPEC-310, CWE-937, 1035, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 High
Out-of-date Version (Oracle) PCI v3.2-6.2, CAPEC-310, CWE-937, 1035, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 High
Out-of-date Version (PostgreSQL) PCI v3.2-6.2, CAPEC-310, CWE-937, 1035, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 High
Password Transmitted over HTTP PCI v3.2-6.5.4, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N High
ROBOT Attack Detected (Strong Oracle) PCI v3.2-6.5.4, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C High
ROBOT Attack Detected (Weak Oracle) PCI v3.2-6.5.4, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C High
Ruby on Rails File Content Disclosure (CVE-2019-5418) PCI v3.2-6.5.8, CAPEC-252, CWE-98, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
Server-Side Request Forgery (Apache Server Status) CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L High
Server-Side Request Forgery (AWS) CWE-918, ISO27001-A.14.2.5, OWASP 2017-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L High
Server-Side Request Forgery (elmah MVC) PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C High
Server-Side Request Forgery (elmah) PCI v3.2-6.5.6, CAPEC-347, CWE-918, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C High
Server-Side Request Forgery (MySQL) CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L High
Server-Side Request Forgery (SSH) CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L High
Session Cookie Not Marked as Secure PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N High
Stored Cross-site Scripting PCI v3.2-6.5.7, CAPEC-19, CWE-79, HIPAA-164.308(a), ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N High
SVN Detected CAPEC-118, CWE-527, ISO27001-A.9.4.1, WASC-13, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N High
Trace.axd Detected PCI v3.2-6.5.6, CAPEC-347, CWE-16, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C High
Unrestricted File Upload PCI v3.2-6.5.1, CWE-434, ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H High
Weak Basic Authentication Credentials PCI v3.2-6.5.10, CAPEC-16, CWE-521, ISO27001-A.9.4.3, WASC-15, OWASP 2013-A6, OWASP 2017-A3 High
Weak Secret is Used to Sign JWT CWE-347, OWASP 2017-A2 High
WebDAV Directory Has Write Permissions PCI v3.2-6.5.8, CWE-732, ISO27001-A.9.4.1, WASC-17, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C High
XML External Entity Injection PCI v3.2-6.5.1, CAPEC-376, CWE-611, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H High