C
Server IP: 103.73.188.242
B
Reverse DNS: smtp6-18.latestnewsmails.com
Location: Gugal Pimpari C
The website has at least one folder with enabled directory listing, putting its content at risk. Misconfiguration or weakness
https://www.immuniweb.com/websec/www.rivatravel.com/ynZgV3mb/ 1/17
7/18/23, 12:25 AM www.rivatravel.com Website Security Test | ImmuniWeb
The website has at least one folder with enabled directory listing: https://www.rivatravel.com/extras/system/library/javascript/ .
Fingerprinted CMS & Vulnerabilities
jQuery 2.1.1
The fingerprinted component version is outdated and vulnerable to publicly known vulnerabilities. Urgently update to the most recent version 3.7.0.
jQuery UI 1.11.4
The fingerprinted component version is outdated and vulnerable to publicly known vulnerabilities. Urgently update to the most recent version 1.13.2.
If the website processes or stores personal data of the EU residents, the following requirements of EU GDPR may apply:
PRIVACY POLICY
WEBSITE SECURITY
Website CMS or its components are outdated and contain publicly known security vulnerabilities. Misconfiguration or weakness
TLS ENCRYPTION
COOKIE PROTECTION
Cookies with personal or tracking information are sent with Secure flag. Good configuration
COOKIE DISCLAIMER
Third-party cookies or cookies with tracking information are sent, cookie disclaimer was found on the website. Good configuration
If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may apply:
REQUIREMENT 6.2
Website CMS or its components seem to be outdated. Check for available updates. Misconfiguration or weakness
REQUIREMENT 6.5
Fingerprinted website CMS or its components contain publicly known vulnerabilities (Ref. PCI DSS 6.5.1-6.5.10). Misconfiguration or weakness
REQUIREMENT 6.6
No WAF was detected on the website. Implement a WAF to protect the website against common web attacks. Misconfiguration or weakness
Some HTTP headers related to security and privacy are missing or misconfigured. Misconfiguration or weakness
Access-Control-Allow-Origin Permissions-Policy
SERVER
Server
Server: Apache
STRICT-TRANSPORT-SECURITY
Strict-Transport-Security
Directives
max-age Sets the time browsers must enforce the use of HTTPS to browse the website. No problems found
X-FRAME-OPTIONS
X-Frame-Options
X-Frame-Options: sameorigin
X-CONTENT-TYPE-OPTIONS
X-Content-Type-Options
X-Content-Type-Options: nosniff
REFERRER-POLICY
Referrer-Policy
Referrer-Policy: no-referrer
CONTENT-SECURITY-POLICY
CONTENT-SECURITY-POLICY-REPORT-ONLY
COOKIE: TRAVELS
The cookie has Secure and HttpOnly attributes set. Good configuration
The cookie is missing SameSite flag. Make sure it does not store sensitive information. Misconfiguration or weakness
Directives
max-age 7200 Sets the maximum lifetime of the cookie using a time in seconds.
path / Sets the path of the application where the cookie should be sent.
httponly ✅ Prevents client-side scripts from accessing the cookie by telling browsers to only transmit the cookie over HTTP(S).
COOKIE: TRAVELS
The cookie has Secure and HttpOnly attributes set. Good configuration
The cookie is missing SameSite flag. Make sure it does not store sensitive information. Misconfiguration or weakness
Directives
max-age 7200 Sets the maximum lifetime of the cookie using a time in seconds.
path / Sets the path of the application where the cookie should be sent.
httponly ✅ Prevents client-side scripts from accessing the cookie by telling browsers to only transmit the cookie over HTTP(S).
COOKIE: TRAVELS
The cookie has Secure and HttpOnly attributes set. Good configuration
The cookie is missing SameSite flag. Make sure it does not store sensitive information. Misconfiguration or weakness
Directives
max-age 7200 Sets the maximum lifetime of the cookie using a time in seconds.
path / Sets the path of the application where the cookie should be sent.
httponly ✅ Prevents client-side scripts from accessing the cookie by telling browsers to only transmit the cookie over HTTP(S).
External web content (e.g. images, video, CSS or JavaScript) can improve website loading time. However, the external content can also put privacy of website visitors
at risk given that some information about them is transmitted to the third parties operating the external resources, sometimes even without proper HTTPS encryption
or user consent.
www.facebook.com
https://www.facebook.com/x/oauth/status?client_id=683582740114272&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.rivatravel.com%2F&sdk=joey&wants_cookie_data=true
fonts.googleapis.com
https://fonts.googleapis.com/css?family=Righteous
https://fonts.googleapis.com/css?family=Roboto
https://fonts.googleapis.com/css?family=Lato|Source+Sans+Pro
cdnjs.cloudflare.com
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.1/css/select2.min.css