Vulnerability Name Classifications Severity
.DS_Store File Found PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 Low
Apache Multiple Choices Enabled CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Apache MultiViews Enabled CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Autocomplete is Enabled CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Backup File Disclosure PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 Low
Cookie Not Marked as HttpOnly CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Cookie Not Marked as Secure PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Low
Cookie Values Used in Anti-CSRF Token CWE-352, HIPAA-164.306(a), ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6 Low
Cross-site Request Forgery PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 Low
Cross-site Request Forgery in Login Form PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 Low
Database Error Message Disclosure PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Database Name Disclosure (Microsoft SQL Server) PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Database Name Disclosure (MySQL) PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Django Debug Mode Enabled PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Exception Report Disclosure (Tomcat) PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Form Hijacking CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1 Low
Information Disclosure (Microsoft Office) PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13 Low
Information Disclosure (phpinfo()) CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 Low
Insecure Frame (External) CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 Low
Insecure JSONP Endpoint CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 Low
Insecure Reflected Content CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 Low
Insecure Transportation Security Protocol Supported (TLS 1.0) PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 Low
Internal IP Address Disclosure CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3 Low
Internal Server Error CWE-550, ISO27001-A.14.1.2, WASC-13 Low
Laravel Debug Mode Enabled PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Laravel Environment Configuration File Detected CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Microsoft IIS Log File Detected PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 Low
Microsoft Outlook Personal Folders File (.pst) Found PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 Low
Misconfigured Access-Control-Allow-Origin Header CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Misconfigured Frame CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 Low
Misconfigured X-Frame-Options Header CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 Low
Missing Content-Type Header CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Missing X-Frame-Options Header CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 Low
Multiple Declarations in X-Frame-Options Header CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 Low
Open Redirection in POST method CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5 Low
Passive Mixed Content over HTTPS CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3 Low
Passive Web Backdoor Detected PCI v3.2-6.5.6, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10 Low
Phishing by Navigating Browser Tabs CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Programming Error Message PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Programming Error Message (Ruby) PCI v3.2-3.2 6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Reflected File Download PCI v3.2-6.5.1, CAPEC-375, CWE-840, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1 Low
RoR Database Configuration File Detected CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
RoR Development Mode Enabled PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Social Security Number Disclosure PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 Low
Stack Trace Disclosure (Apache MyFaces) PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (ASP.NET) PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (CakePHP Framework) PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (CherryPy) PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (Grails) PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Struts2 Development Mode Enabled PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Subresource Integrity (SRI) Hash Invalid CWE-16, ISO27001-A.14.2.5, WASC-15 Low
TRACE/TRACK Method Detected CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Unexpected Redirect Response Body (Two Responses) CWE-698, ISO27001-A.14.2.5, WASC-25 Low
User Controllable Cookie CWE-20, ISO27001-A.14.2.5, WASC-20 Low
Username Disclosure (Microsoft SQL Server) PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3 Low
Username Disclosure (MySQL) PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3 Low
Version Disclosure (Apache Coyote) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Apache Module) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Apache Traffic Server) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Apache) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (ASP.NET MVC) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (ASP.NET) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (CakePHP Framework) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Cherokee) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (CherryPy) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Django) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Frontpage) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (GlassFish) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Grafana) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Hiawatha) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Java Servlet) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Java) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (JBoss) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Jenkins) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Jolokia) CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low