Search Vulnerability


| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.2-6.5.1; CAPEC-340; CWE-20; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-7; OWASP 2013-A1; OWASP 2017-A1 | Critical |
| Password Transmitted over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Critical Form Send to HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Critical Form Served over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| HTTP Header Injection | PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217; CWE-523; ISO27001-A.14.1.2; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | Medium |
| Insecure HTTP Usage | ISO27001-A.14.1.3; WASC-4; OWASP 2013-A5; OWASP 2017-A3 | Medium |
| Cookie Not Marked as HttpOnly | CAPEC-107; CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | Low |
| Content Security Policy (CSP) report-uri Uses HTTP | ISO27001-A.14.2.5; OWASP 2013-A6; OWASP 2017-A3 | Information |
| Expect-CT Header via HTTP | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C10 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C1 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP PC-C10; OWASP 2017-A6 | Information |
Netsparker