| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Active Mixed Content over HTTPS | CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Anonymous Ciphers Supported | PCI v3.2-, CAPEC-117, CWE-311, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Apache Server-Info Detected | CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Apache Server-Status Detected | CAPEC-347, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Base Tag Hijacking | PCI v3.2-, CAPEC-19, CWE-20, HIPAA-20, ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7 | Medium |
| BREACH Attack Detected | CWE-310, OWASP 2013-A9, OWASP 2017-A9 | Medium |
| Critical Form Send to HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Critical Form Served over HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| CVS Detected | CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Frame Injection | PCI v3.2-, CWE-601, HIPAA-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| GIT Detected | CAPEC-118, CWE-527, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| HTTP Header Injection | PCI v3.2-, CAPEC-105, CWE-93, HIPAA-93, ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| HTTP Parameter Pollution | CWE-88, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217, CWE-523, ISO27001-A.14.1.2, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Insecure HTTP Usage | ISO27001-A.14.1.3, WASC-4, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Insecure Transportation Security Protocol Supported (SSLv3) | PCI v3.2-, CAPEC-217, CWE-326, HIPAA-326, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Invalid SSL Certificate | PCI v3.2-, CAPEC-459, CWE-295, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Microsoft Access Database File Detected | PCI v3.2-, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3 | Medium |
| Open Policy Crossdomain.xml Detected | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Open Redirection (DOM based) | CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10 | Medium |
| Open Silverlight Client Access Policy | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Password Transmitted over Query String | PCI v3.2-, CWE-598, ISO27001-A.14.2.5, WASC-13, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| RSA Private Key Detected | CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Server-Side Request Forgery | CWE-918, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| Server-Side Request Forgery (Time Based) | CWE-918, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| Source Code Disclosure (ASP.NET) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (ColdFusion) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Generic) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Java Servlet) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Java) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (JSP) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Perl) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (PHP) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Python) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Ruby) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Source Code Disclosure (Tomcat) | CAPEC-118, CWE-540, HIPAA-540, ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| SQLite Database File Found | PCI v3.2-, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A3 | Medium |
| SSL/TLS Not Implemented | PCI v3.2-, CAPEC-217, CWE-311, HIPAA-311, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Stack Trace Disclosure (ColdFusion) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Django) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Java) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Laravel) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Python) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (RoR) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Sublime SFTP Config File Detected | CWE-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| Unicode Transformation (Best-Fit Mapping) | CWE-20 | Medium |
| ViewState MAC Disabled | CWE-16, HIPAA-16, ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6 | Medium |
| Weak Ciphers Enabled | PCI v3.2-, CAPEC-217, CWE-327, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| WordPress Setup Configuration File | PCI v3.2-, CAPEC-212, CWE-665, HIPAA-665, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | Medium |
Netsparker
