| Vulnerability Name | Classifications | Severity |
|---|---|---|
| default-src Used in Content Security Policy (CSP) | ISO27001-A.14.2.5 | Information |
| Denial of Service (MySQL) | CWE-400, ISO27001-A.14.1.2, WASC-10, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15 | Information |
| Digest Authorization Required | ISO27001-A.9.4.1 | Information |
| Directory Listing (Apache) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (ASP.NET Server) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (IIS) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (Lighttpd) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (LiteSpeed) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (Nginx) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (Tomcat) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (WebDAV) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Information |
| Disabled X-XSS-Protection Header | CWE-693, ISO27001-A.14.1.2, WASC-15 | Information |
| DokuWiki Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Dolibarr Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Dolphin Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| DotClear Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Drupal Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| e107 Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Elgg Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Email Address Disclosure | CAPEC-118, CWE-200, ISO27001-A.9.4.1, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Information |
| EspoCRM Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Expect-CT Header via HTTP | CWE-16, ISO27001-A.14.1.2, WASC-15 | Information |
| Expect-CT in Report Only Mode | ISO27001-A.14.1.2 | Information |
| Expect-CT Security Header Errors and Warnings | CWE-16, ISO27001-A.14.1.2, WASC-15 | Information |
| ExpressJS Identified | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Family Connections Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| File Upload Functionality Detected | ISO27001-A.8.1.1 | Information |
| FluxBB Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Forbidden Resource | ISO27001-A.8.1.1 | Information |
| Form Tools Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Front Accounting Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Generic Email Address Disclosure | CAPEC-118, CWE-200, ISO27001-A.18.1.4, WASC-13 | Information |
| GibbonEdu Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Hesk Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | CWE-16, ISO27001-A.14.1.2, WASC-15 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 | Information |
| I’m a Teapot | ISO27001-None | Information |
| Incorrect Content Security Policy (CSP) Implementation | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Insecure Protocol Detected in Content Security Policy (CSP) | CWE-319, ISO27001-A.14.2.5 | Information |
| Installation File Detected | PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 | Information |
| Intermediate Certificate is Signed Using a Weak Signature Algorithm | CAPEC-459, ISO27001-A.10, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Information |
| Internal Path Disclosure (*nix) | CAPEC-118, CWE-200, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.1, WASC-13, OWASP 2017-A6 | Information |
| Internal Path Disclosure (Windows) | CAPEC-118, CWE-200, HIPAA-164.306(a), 164.308(a), ISO27001-A.8.1.1, WASC-13 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| JBoss Application Server Identified | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Joomla Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Kestrel Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Liferay Portal Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| LimeSurvey Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Log File Detected | PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 | Information |
| Login Page Identified | | Information |
| MediaWiki Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Mibew Messenger Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Mint Detected | CAPEC-224, CWE-200, ISO27001-A.18.1.3, WASC-45 | Information |
| Missing object-src in CSP Declaration | CWE-16, ISO27001-A.14.2.5, WASC-15 | Information |
| MODX Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Moodle Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Movable Type Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | CWE-16, ISO27001-A.14.2.5, WASC-15 | Information |
| MyBB Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Nginx Web Server Identified | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| NTLM Authorization Required | ISO27001-A.9.4.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Information |
| Omeka Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| OpenCart Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| OpenSearch.xml Detected | CWE-200, ISO27001-A.18.1.3 | Information |
| OPTIONS Method Enabled | CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Information |
| osClass Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| osCommerce Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| osTicket Detected | CWE-200, ISO27001-A.18.1.3, WASC-13 | Information |
| Out-of-date Version (AbanteCart) | PCI v3.2-6.2, CAPEC-310, CWE-829, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | Information |
| Out-of-date Version (Ampache) | PCI v3.2-6.2, CAPEC-310, CWE-829, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | Information |
| Out-of-date Version (AngularJS) | PCI v3.2-6.2, CAPEC-310, CWE-829, HIPAA-164.308(a)(1)(i), ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | Information |