Web Application Vulnerabilities Index

Apache Multiple Choices Enabled

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Apache MultiViews Enabled

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

ASP.NET ViewStateUserKey Is Not Set

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

Autocomplete is Enabled

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

AWS Dockerrun Configuration File Detected

CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Low

Backup File Disclosure

PCI v3.2-6.5.8, CAPEC-87, CWE-530, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Low

Cookie Not Marked as HttpOnly

CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Cookie Not Marked as Secure

PCI v3.2-6.5.10, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3, CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Low

Cookie Values Used in Anti-CSRF Token

CWE-352, HIPAA-164.306(a), ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6

Low

Cross-site Request Forgery

PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5

Low

Cross-site Request Forgery in Login Form

PCI v3.2-6.5.9, CAPEC-62, CWE-352, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5

Low

Database Error Message Disclosure

PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Database Name Disclosure (Microsoft SQL Server)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Database Name Disclosure (MySQL)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Django Debug Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Docker Cloud Stack File Detected

CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Low

Docker Compose File Detected

CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Low

Dockerfile Detected

CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Low

.dockerignore File Detected

CAPEC-118, CWE-527, ISO27001-A9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A96, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Low

.DS_Store File Found

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5

Low

Exception Report Disclosure (Tomcat)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Form Hijacking

CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1

Low

Information Disclosure (Microsoft Office)

PCI v3.2-6.5.5, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13

Low

phpinfo() Output Detected

CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3

Low

Insecure Frame (External)

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6

Low

Insecure JSONP Endpoint

CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1

Low

Insecure Reflected Content

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1

Low

Internal IP Address Disclosure

CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3

Low

Internal Server Error

CWE-550, ISO27001-A.14.1.2, WASC-13

Low

Laravel Debug Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Laravel Environment Configuration File Detected

CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Microsoft IIS Log File Detected

PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Low

Microsoft Outlook Personal Folders File (.pst) Found

PCI v3.2-6.5.8, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5

Low

Misconfigured Access-Control-Allow-Origin Header

PCI v3.2-6.5.8, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Misconfigured Frame

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6

Low

Missing Content-Type Header

PCI v3.2-6.5.7, CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Missing X-Content-Type-Options Header

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

Open Redirection in POST method

CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5

Low

Out-of-date Component ({applicationName})

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Passive Mixed Content over HTTPS

CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3

Low

Passive Web Backdoor Detected

PCI v3.2-6.5.6, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10

Low

Phishing by Navigating Browser Tabs

CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

PHP allow_url_fopen Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

PHP allow_url_include Is Enabled

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

PHP display_errors Is Enabled

CWE-211, OWASP 2013-A5, OWASP 2017-A6

Low

PHP open_basedir Is Not Configured

CWE-16, OWASP 2013-A5, OWASP 2017-A6

Low

Programming Error Message

PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Programming Error Message (Ruby)

PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Prototype Pollution

PCI v3.2-6.5.7, CAPEC-180, CWE-1321, HIPAA-164.306(a), ISO27001-A.13.1.3, OWASP 2013-A9, OWASP 2017-A9

Low

Reflected File Download

PCI v3.2-6.5.1, CAPEC-375, CWE-840, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1

Low

RoR Database Configuration File Detected

CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6

Low

RoR Development Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Sensitive Pages Could Be Cached

CWE-525

Low

Social Security Number Disclosure

PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3

Low

Stack Trace Disclosure (Apache MyFaces)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (Apache Shiro)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001- A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (ASP.NET)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (CakePHP Framework)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (CherryPy)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (Grails)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (GraphQL)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (Node.js)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Stack Trace Disclosure (PHP)

PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Struts2 Development Mode Enabled

PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Subresource Integrity (SRI) Hash Invalid

CWE-16, ISO27001-A.14.2.5, WASC-15

Low

TRACE/TRACK Method Detected

CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6

Low

Unexpected Redirect Response Body (Two Responses)

CWE-698, ISO27001-A.14.2.5, WASC-25

Low

User Controllable Cookie

CWE-20, ISO27001-A.14.2.5, WASC-20

Low

Username Disclosure (Microsoft SQL Server)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3

Low

Username Disclosure (MySQL)

PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3

Low

Version Disclosure (AbanteCart)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Ampache)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Angular)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Angularjs)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low

Version Disclosure (Apache)

CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6

Low