Search Vulnerability


| Vulnerability Name | Classifications | Severity |
| --- | --- | --- |
| Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.2-, CAPEC-340, CWE-20, HIPAA-20, ISO27001-A.14.2.5, WASC-7, OWASP 2013-A1, OWASP 2017-A1 | Critical |
| Password Transmitted over HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Critical Form Send to HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Critical Form Served over HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| HTTP Header Injection | PCI v3.2-, CAPEC-105, CWE-93, HIPAA-93, ISO27001-A.14.2.5, WASC-24, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217, CWE-523, ISO27001-A.14.1.2, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Insecure HTTP Usage | ISO27001-A.14.1.3, WASC-4, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Cookie Not Marked as HttpOnly | CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Content Security Policy (CSP) report-uri Uses HTTP | ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3 | Information |
| Expect-CT Header via HTTP | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP PC-C10 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP PC-C1 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP PC-C10, OWASP 2017-A6 | Information |

Netsparker