Vulnerability Name
Classifications
Severity
Insecure HTTP Usage
ISO27001-A.14.1.3, WASC-4, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium
Invalid SSL Certificate
PCI v3.2-6.5.4, CAPEC-459, CWE-295, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Medium
SSL/TLS Not Implemented
PCI v3.2-6.5.4, CAPEC-217, CWE-311, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Medium
Weak Ciphers Enabled
PCI v3.2-6.5.4, CAPEC-217, CWE-327, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Medium
Passive Mixed Content over HTTPS
CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3
Low
Insecure Transportation Security Protocol Supported (TLS 1.1)
PCI v3.2-6.5.4, CAPEC-217, CWE-326, HIPAA-164.306, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3
Best Practice