Search Vulnerability


| Vulnerability Name | Classifications | Severity |
| --- | --- | --- |
| Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.2-, CAPEC-340, WASC-7, OWASP 2013-A1, OWASP 2017-A1 | Critical |
| Basic Authorization over HTTP | PCI v3.2-, CAPEC-65, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Password Transmitted over HTTP | PCI v3.2-, CAPEC-65, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Critical Form Send to HTTP | PCI v3.2-, CAPEC-65, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Critical Form Served over HTTP | PCI v3.2-, CAPEC-65, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| HTTP Header Injection | PCI v3.2-, CAPEC-105, WASC-24, OWASP 2013-A1, OWASP 2017-A1 | Medium |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | OWASP 2013-A5, OWASP 2017-A6 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | CAPEC-217, OWASP 2013-A6, OWASP 2017-A3 | Medium |
| Insecure HTTP Usage | WASC-4, OWASP 2013-A5, OWASP 2017-A3 | Medium |
| Cookie Not Marked as HttpOnly | CAPEC-107, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Low |
| Content Security Policy (CSP) report-uri Uses HTTP | OWASP 2013-A6, OWASP 2017-A3 | Information |
| Expect-CT Header via HTTP | OWASP PC-C10 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | OWASP PC-C1 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | OWASP PC-C10, OWASP 2017-A6 | Information |
Netsparker
