| Vulnerability Name | Classifications | Severity |
| --- | --- | --- |
| Bash Command Injection Vulnerability (Shellshock Bug) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| Blind Command Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| Blind SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Boolean Based SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Code Evaluation (Apache Struts S02-53) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (Apache Struts) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (Apache Struts) S2-045 | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (Apache Struts) S2-046 | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (ASP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (Node.js) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (Perl) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (PHP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (RoR - JSON) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (RoR) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Code Evaluation via Local File Inclusion (PHP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-251, WASC-33, OWASP 2013-A1 | Critical |
| Code Execution via File Upload | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-210, WASC-42, OWASP 2013-A1 | Critical |
| Code Execution via Local File Inclusion | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-170, WASC-33, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Java FreeMarker) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Java Velocity) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Node.js Dot) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Node.js EJS) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Node.js Marko) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Node.js Nunjucks) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Node.js Pug (Jade)) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (PHP Smarty) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (PHP Twig) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Python Jinja) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Python Mako) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Python Tornado) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Ruby ERB) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via Server-Side Template Injection (Ruby Slim) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Execution via WebDAV | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-17, WASC-17 | Critical |
| Command Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| OpenSSL Heartbleed | PCI v3.1-6.5.2, PCI v3.2-6.5.2, CAPEC-216, OWASP 2013-A6 | Critical |
| Out of Band Code Evaluation (Apache Struts 2) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (Apache Struts 2) S2-053 | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (ASP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (Perl) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (PHP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (RoR - JSON) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (RoR) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Out of Band Command Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| Out of Band Remote File Inclusion | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-193, WASC-5, OWASP 2013-A1 | Critical |
| Out of Band SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-340, WASC-7, OWASP 2013-A1 | Critical |
| Remote File Inclusion | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-193, WASC-5, OWASP 2013-A1 | Critical |
| Server-Side Request Forgery (trace.axd) | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | Critical |
| Server-Side Template Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| Server-Side Template Injection (Java FreeMarker) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| Server-Side Template Injection (Java Velocity) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| Server-Side Template Injection (Node.js Dot) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| Server-Side Template Injection (Node.js EJS) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| Server-Side Template Injection (Ruby ERB) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Critical |
| SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Web Backdoor Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-443 | Critical |
| Backup Source Code Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | High |
| Basic Authorization over HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | High |
| Blind Cross-site Scripting | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | High |
| Certificate is Signed Using a Weak Signature Algorithm | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-459, WASC-4, OWASP PC-C7, OWASP 2013-A6 | High |
| Cookie Not Marked as Secure | PCI v3.1-6.5.10, PCI v3.2-6.5.10, CAPEC-102, WASC-15, OWASP 2013-A6 | High |
| Cross-site Scripting | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | High |
| Cross-site Scripting (DOM based) | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | High |
| Cross-site Scripting via Remote File Inclusion | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | High |
| Database User Has Admin Privileges | PCI v3.1-6.5.6, PCI v3.2-6.5.6, WASC-14, OWASP 2013-A5 | High |
| Elmah.axd Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | High |
| Expression Language Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | High |
| Local File Inclusion | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-252, WASC-33, OWASP 2013-A4 | High |
| Out of Band XML External Entity Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-376, WASC-43, OWASP 2013-A1 | High |
| Out-of-date Version (Microsoft SQL Server) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 | High |
| Out-of-date Version (MySQL) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 | High |
| Out-of-date Version (PostgreSQL) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 | High |
| Password Transmitted over HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | High |
| ROBOT Attack Detected (Strong Oracle) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | High |
| ROBOT Attack Detected (Weak Oracle) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | High |
| Server-Side Request Forgery (Apache Server Status) | | High |
| Server-Side Request Forgery (AWS) | | High |
| Server-Side Request Forgery (elmah MVC) | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | High |
| Server-Side Request Forgery (elmah) | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | High |
| Server-Side Request Forgery (MySQL) | | High |
| Server-Side Request Forgery (SSH) | | High |
| Stored Cross-site Scripting | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | High |
| SVN Detected | CAPEC-118, WASC-13, OWASP 2013-A5 | High |
| Trace.axd Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | High |
| Unrestricted File Upload | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | High |
| Weak Basic Authentication Credentials | PCI v3.1-6.5.10, PCI v3.2-6.5.10, CAPEC-16, WASC-15, OWASP 2013-A6 | High |
| WebDAV Directory Has Write Permissions | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-17 | High |
| XML External Entity Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-376, WASC-43, OWASP 2013-A1 | High |
| Active Mixed Content over HTTPS | OWASP 2013-A6 | Medium |
| Anonymous Ciphers Supported | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-117, WASC-4, OWASP 2013-A6 | Medium |
| Apache Server-Info Detected | CAPEC-347, WASC-14, OWASP 2013-A5 | Medium |
| Apache Server-Status Detected | CAPEC-347, WASC-14, OWASP 2013-A5 | Medium |
| Base Tag Hijacking | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | Medium |
| Critical Form Send to HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | Medium |
| Critical Form Served over HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | Medium |
| CVS Detected | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Frame Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, WASC-38, OWASP 2013-A10 | Medium |
| GIT Detected | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| HTTP Header Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-105, WASC-24, OWASP 2013-A1 | Medium |
| Insecure HTTP Usage | WASC-4, OWASP 2013-A5 | Medium |
| Insecure Transportation Security Protocol Supported (SSLv3) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Medium |
| Invalid SSL Certificate | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-459, WASC-4, OWASP 2013-A6 | Medium |
| Microsoft Access Database File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Medium |
| Open Policy Crossdomain.xml Detected | WASC-15, OWASP 2013-A5 | Medium |
| Open Redirection | WASC-38, OWASP 2013-A10 | Medium |
| Open Redirection (DOM based) | WASC-38, OWASP 2013-A10 | Medium |
| Open Silverlight Client Access Policy | WASC-15, OWASP 2013-A5 | Medium |
| Password Transmitted over Query String | PCI v3.1-6.5.4, PCI v3.2-6.5.4, WASC-13, OWASP 2013-A6 | Medium |
| RSA Private Key Detected | CAPEC-118, WASC-13, OWASP 2013-A6 | Medium |
| Server-Side Request Forgery (Time Based) | OWASP 2013-A1 | Medium |
| Source Code Disclosure (ASP.NET) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (ColdFusion) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Generic) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Java) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Perl) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (PHP) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Python) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Ruby) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Tomcat) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| SQLite Database File Found | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Medium |
| Stack Trace Disclosure (ColdFusion) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Django) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Java) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Laravel) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Python) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (RoR) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Sublime SFTP Config File Detected | WASC-15, OWASP 2013-A5 | Medium |
| ViewState MAC Disabled | WASC-15 | Medium |
| Weak Ciphers Enabled | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Medium |
| WordPress Setup Configuration File | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-212, WASC-14, OWASP 2013-A5 | Medium |
| .DS_Store File Found | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Low |
| Apache Multiple Choices Enabled | WASC-14, OWASP 2013-A5 | Low |
| Apache MultiViews Enabled | WASC-14, OWASP 2013-A5 | Low |
| Autocomplete Enabled | WASC-15, OWASP 2013-A5 | Low |
| Backup File Disclosure | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Low |
| Cookie Not Marked as HttpOnly | CAPEC-107, WASC-15, OWASP 2013-A5 | Low |
| Cookie Values Used in Anti-CSRF Token | OWASP 2013-A5 | Low |
| Cross-site Request Forgery | PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC-62, WASC-9, OWASP 2013-A8 | Low |
| Cross-site Request Forgery in Login Form | PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC-62, WASC-9, OWASP 2013-A8 | Low |
| Database Error Message Disclosure | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Database Name Disclosure (Microsoft SQL Server) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Database Name Disclosure (MySQL) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Django Debug Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Exception Report Disclosure (Tomcat) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Form Hijacking | | Low |
| Information Disclosure (Microsoft Office) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13 | Low |
| Information Disclosure (phpinfo()) | CAPEC-346, WASC-13, OWASP 2013-A5 | Low |
| Insecure Frame (External) | | Low |
| Insecure JSONP Endpoint | WASC-15, OWASP 2013-A5 | Low |
| Insecure Reflected Content | WASC-15, OWASP 2013-A5 | Low |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Low |
| Internal IP Address Disclosure | | Low |
| Internal Server Error | | Low |
| Laravel Debug Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Laravel Environment Configuration File Detected | WASC-15, OWASP 2013-A5 | Low |
| Microsoft IIS Log File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Low |
| Microsoft Outlook Personal Folders File (.pst) Found | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Low |
| Misconfigured Access-Control-Allow-Origin Header | WASC-15, OWASP 2013-A5 | Low |
| Misconfigured Frame | | Low |
| Missing Content-Type Header | OWASP 2013-A5 | Low |
| Missing X-Frame-Options Header | CAPEC-103, OWASP 2013-A5 | Low |
| Open Redirection in POST method | WASC-38, OWASP 2013-A10 | Low |
| Passive Mixed Content over HTTPS | OWASP 2013-A6 | Low |
| Passive Web Backdoor Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6 | Low |
| Phishing by Navigating Browser Tabs | OWASP 2013-A5 | Low |
| Programming Error Message | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Reflected File Download | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-375, WASC-42, OWASP 2013-A1 | Low |
| RoR Database Configuration File Detected | WASC-15, OWASP 2013-A5 | Low |
| RoR Development Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Server-Side Request Forgery | OWASP 2013-A1 | Low |
| Social Security Number Disclosure | PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP 2013-A6 | Low |
| Stack Trace Disclosure (Apache MyFaces) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Stack Trace Disclosure (ASP.NET) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Stack Trace Disclosure (Grails) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Struts2 Development Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Subresource Integrity (SRI) Hash Invalid | | Low |
| TRACE/TRACK Method Detected | CAPEC-107, WASC-14, OWASP 2013-A5 | Low |
| Unexpected Redirect Response Body (Two Responses) | | Low |
| User Controllable Cookie | | Low |
| Username Disclosure (Microsoft SQL Server) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Username Disclosure (MySQL) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Version Disclosure (Apache Coyote) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Apache Module) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Apache) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (ASP.NET MVC) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (ASP.NET) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Django) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Frontpage) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Java Servlet) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Lighttpd) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (mod_ssl) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Mongrel Web Server) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Nginx) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (NuSOAP) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (OpenSSL) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Oracle) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Perl) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (PHP) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Python) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (RoR) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Ruby) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (RubyGems) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (SharePoint) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Tomcat) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Web Logic) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (WEBrick) | CAPEC-170, WASC-45 | Low |
| ViewState is not Encrypted | WASC-15 | Low |
| Windows Short Filename | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Low |
| Windows Username Disclosure | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13 | Low |
| AbanteCart Detected | OWASP PC-C7 | Information |
| Adminer Detected | OWASP PC-C6 | Information |
| Administration Page Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 | Information |
| Ampache Detected | OWASP PC-C7 | Information |
| An Unsafe Content Security Policy (CSP) Directive In Use | | Information |
| Apache Web Server Identified | OWASP PC-C7 | Information |
| ASP.NET Debugging Enabled | WASC-14, OWASP PC-C7, OWASP 2013-A5 | Information |
| ASP.NET Identified | OWASP PC-C7 | Information |
| ATutor Detected | OWASP PC-C7 | Information |
| Autocomplete Enabled (Password Field) | WASC-15, OWASP 2013-A5 | Information |
| AWStats Detected | CAPEC-224, WASC-45, OWASP PC-C6 | Information |
| Basic Authorization Required | | Information |
| Chamilo Detected | OWASP PC-C7 | Information |
| Claroline Detected | OWASP PC-C7 | Information |
| Collabtive Detected | OWASP PC-C7 | Information |
| Concrete5 Detected | OWASP PC-C7 | Information |
| Configuration File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | OWASP 2013-A6 | Information |
| Content Security Policy (CSP) Keywords Not Used within Single Quotes | OWASP 2013-A5 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | OWASP 2013-A5 | Information |
| Content Security Policy (CSP) Nonce without Matching Script Block | OWASP 2013-A5 | Information |
| Content Security Policy (CSP) Not Implemented | OWASP PC-C9 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | OWASP 2013-A6 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | OWASP 2013-A5 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | OWASP 2013-A5 | Information |
| Cookie Header Contains Multiple Cookies | OWASP 2013-A5 | Information |
| Coppermine Detected | OWASP PC-C7 | Information |
| Credit Card Disclosure | PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP PC-C7, OWASP 2013-A6 | Information |
| Crossdomain.xml Detected | OWASP PC-C6 | Information |
| Cross-site Referrer Leakage through Permissive Referrer-Policy | OWASP PC-C9, OWASP 2013-A6 | Information |
| Cross-site Referrer Leakage through Referrer-Policy | OWASP PC-C9, OWASP 2013-A6 | Information |
| Cross-site Referrer Leakage through Referrer-Policy | OWASP PC-C9, OWASP 2013-A6 | Information |
| CubeCart Detected | OWASP PC-C7 | Information |
| data: Used in a Content Security Policy (CSP) Directive | | Information |
| Database Connection String Detected | WASC-15, OWASP PC-C7, OWASP 2013-A5 | Information |
| Database Detected (Microsoft Access) | | Information |
| Database Detected (Microsoft SQL Server) | | Information |
| Database Detected (MySQL) | | Information |
| Database Detected (Oracle) | | Information |
| Database Detected (PostgreSQL) | | Information |
| DbNinja Detected | OWASP PC-C6 | Information |
| Default Page Detected (Apache) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 10.0) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 6) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 7) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 7.5) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 7.X) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 8) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 8.5) | OWASP PC-C7 | Information |
| Default Page Detected (Tomcat) | OWASP PC-C7 | Information |
| default-src Used in Content Security Policy (CSP) | OWASP PC-C9 | Information |
| Denial of Service (MySQL) | OWASP PC-C9 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | OWASP PC-C9 | Information |
| Digest Authorization Required | | Information |
| Directory Listing (Apache) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (ASP.NET Server) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (IIS) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (Lighttpd) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (LiteSpeed) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (Nginx) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (Tomcat) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (WebDAV) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Disabled X-XSS-Protection Header | OWASP PC-C9 | Information |
| DokuWiki Detected | OWASP PC-C7 | Information |
| DotClear Detected | OWASP PC-C7 | Information |
| Drupal Detected | OWASP PC-C7 | Information |
| e107 Detected | OWASP PC-C7 | Information |
| Elgg Detected | OWASP PC-C7 | Information |
| Email Address Disclosure | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| EspoCRM Detected | OWASP PC-C7 | Information |
| Expect-CT Header via HTTP | OWASP PC-C10 | Information |
| Expect-CT in Report Only Mode | OWASP PC-C9 | Information |
| Expect-CT Not Enabled | OWASP PC-C9 | Information |
| Expect-CT Security Header Errors and Warnings | OWASP PC-C10 | Information |
| ExpressJS Identified | OWASP PC-C7 | Information |
| Family Connections Detected | OWASP PC-C7 | Information |
| File Upload Functionality Detected | OWASP PC-C4 | Information |
| FluxBB Detected | OWASP PC-C7 | Information |
| Forbidden Resource | OWASP PC-C8 | Information |
| Form Tools Detected | OWASP PC-C7 | Information |
| Front Accounting Detected | OWASP PC-C7 | Information |
| Generic Email Address Disclosure | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| GibbonEdu Detected | OWASP PC-C7 | Information |
| Hesk Detected | OWASP PC-C7 | Information |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | OWASP PC-C10 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | OWASP PC-C1 | Information |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | OWASP PC-C8 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | OWASP PC-C10 | Information |
| Incorrect Content Security Policy (CSP) Implementation | OWASP 2013-A5 | Information |
| Insecure Target Detected In Secure Site CSP | | Information |
| Installation File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Information |
| Intermediate Certificate is Signed Using a Weak Signature Algorithm | CAPEC-459, WASC-4, OWASP 2013-A6 | Information |
| Internal Path Disclosure (*nix) | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| Internal Path Disclosure (Windows) | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | OWASP 2013-A5 | Information |
| Joomla Detected | OWASP PC-C7 | Information |
| LimeSurvey Detected | OWASP PC-C7 | Information |
| Log File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 | Information |
| MediaWiki Detected | OWASP PC-C7 | Information |
| Mibew Messenger Detected | OWASP PC-C7 | Information |
| Mint Detected | CAPEC-224, WASC-45, OWASP PC-C7 | Information |
| Missing object-src in CSP Declaration | OWASP PC-C9 | Information |
| Missing X-XSS-Protection Header | OWASP PC-C9 | Information |
| MODX Detected | OWASP PC-C7 | Information |
| Moodle Detected | OWASP PC-C7 | Information |
| Movable Type Detected | | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | OWASP PC-C9 | Information |
| MyBB Detected | OWASP PC-C7 | Information |
| Nginx Web Server Identified | OWASP PC-C7 | Information |
| No Script Block Detected With The Hash Value Declared in Content Security Policy (CSP) | OWASP 2013-A5 | Information |
| Nonce Usage Detected In Content Security Policy (CSP) Directive | OWASP PC-C9 | Information |
| NTLM Authorization Required | OWASP PC-C6 | Information |
| Omeka Detected | OWASP PC-C7 | Information |
| OpenCart Detected | OWASP PC-C7 | Information |
| OPTIONS Method Enabled | CAPEC-107, WASC-14, OWASP 2013-A5 | Information |
| osClass Detected | OWASP PC-C7 | Information |
| osCommerce Detected | OWASP PC-C7 | Information |
| osTicket Detected | OWASP PC-C7 | Information |
| Out-of-date Version (AbanteCart) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Ampache) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (AngularJS) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Apache) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (ASP.NET SignalR) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (ATutor) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Backbone.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Bootbox.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Bootstrap 3 Date/Time Picker) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Bootstrap Toggle) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Bootstrap) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Chamilo) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Chart.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (CKEditor) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Claroline) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Collabtive) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Concrete5) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Coppermine) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (CubeCart) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Django) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Dojo) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (DokuWiki) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (DOMPurify) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (DotClear) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Drupal) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (DWR) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (e107) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (easyXDM) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Elgg) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Ember.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (EspoCRM) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Fabric.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Family Connections) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (FluxBB) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (FooTable) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Form Tools) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Foundation) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Front Accounting) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Fuel UX) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (GibbonEdu) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Hammer.JS) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Handlebars.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Hesk) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (HTML5 Shiv) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (ImagePicker) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Ion.RangeSlider) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (JavaScript Cookie) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Joomla) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jPlayer) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery Mask) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery Migrate) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |

Out-of-date Version (jQuery Mobile) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (jQuery UI Autocomplete) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (jQuery UI Dialog) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (jQuery UI Tooltip) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (jQuery Validation) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (jQuery) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (jsTree) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Knockout Mapping) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Knockout) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Leaflet) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Lighttpd) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (LimeSurvey) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (MediaWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Mibew Messenger) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Modernizr) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (MODX) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Moment.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Moodle) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Movable Type) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (mustache.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (MyBB) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Nginx) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (NuSOAP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Omeka) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (OpenCart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (OpenSSL) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (osClass) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (osCommerce) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (osTicket) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (ownCloud) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (pdf.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Perl) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Phaser) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Phorum) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Php Address Book) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (PHP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (phpBB) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (PhpFusion) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (phpList) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (PhpMyFAQ) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Piwigo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Pixi.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Plupload) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (PmWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Podcast Generator) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (PrestaShop) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (prettyPhoto) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (ProjectSend) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Prototype JS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Python) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Question2Answer) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Ramda) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (React) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Respond.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Reveal.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (RoR) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Roundcube) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Ruby) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (RubyGems) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Rukovoditel) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Select2) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Semantic UI) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (SeoPanel) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Serendipity) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Sortable) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (TCExam) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Three.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Tomcat) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (typeahead.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Vanilla Forums) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Video.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Vue.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (webERP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (WeBid) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (WordPress) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (XOOPS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (YetiForce CRM) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (YOURLS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (YUI) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Zen Cart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (ZenPhoto) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Zepto.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Zikula) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

Out-of-date Version (Zurmo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information

ownCloud Detected OWASP PC-C7 Information

Phorum Detected OWASP PC-C7 Information

Php Address Book Detected OWASP PC-C7 Information

phpBB Detected OWASP PC-C7 Information

PhpFusion Detected OWASP PC-C7 Information

phpList Detected OWASP PC-C7 Information

phpLiteAdmin Detected OWASP PC-C6 Information

phpMoAdmin Detected OWASP PC-C6 Information

phpMyAdmin Detected OWASP PC-C6 Information

PhpMyFAQ Detected OWASP PC-C7 Information

Piwigo Detected OWASP PC-C7 Information

Piwik Detected CAPEC-224, WASC-45, OWASP PC-C7 Information

PmWiki Detected OWASP PC-C7 Information

Podcast Generator Detected OWASP PC-C7 Information

PrestaShop Detected OWASP PC-C7 Information

ProjectSend Detected OWASP PC-C7 Information



Question2Answer Detected OWASP PC-C7 Information

Readme/Help File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information

Referrer-Policy Needs Proper Fallback OWASP PC-C9, OWASP 2013-A6 Information

Referrer-Policy Not Implemented OWASP PC-C9, OWASP 2013-A6 Information

Robots.txt Detected OWASP PC-C7 Information

Roundcube Detected OWASP PC-C7 Information

Rukovoditel Detected OWASP PC-C7 Information

SameSite Cookie Not Implemented OWASP PC-C9 Information

Scheme URI Detected In Content Security Policy (CSP) Directive Information

SeoPanel Detected OWASP PC-C7 Information

Serendipity Detected OWASP PC-C7 Information

Shell Script Detected OWASP PC-C6 Information

Silverlight Client Access Policy Detected OWASP PC-C6 Information

Sitemap Detected OWASP PC-C7 Information



SQL File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information

Static Content Security Policy (CSP) Nonce Identified OWASP 2013-A5 Information

Subresource Integrity (SRI) Not Implemented Information

TCExam Detected OWASP PC-C7 Information

Test File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information

UNC Server and Share Disclosure WASC-15, OWASP PC-C7, OWASP 2013-A5 Information

Unexpected Redirect Response Body (Too Large) OWASP PC-C6 Information

Unknown Option Used In Referrer-Policy OWASP PC-C9, OWASP 2013-A6 Information

Unsupported Hash Detected In Content Security Policy (CSP) OWASP 2013-A5 Information

Vanilla Forums Detected OWASP PC-C7 Information

Version Disclosure (IIS) CAPEC-170, WASC-45, OWASP PC-C7 Information

Weak Nonce Detected in Content Security Policy (CSP) Declaration OWASP 2013-A5 Information

Web.config File Detected CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 Information

Webalizer Detected CAPEC-224, WASC-45, OWASP PC-C6 Information

WebDAV Enabled OWASP PC-C6 Information

webERP Detected OWASP PC-C7 Information

WeBid Detected OWASP PC-C7 Information

Wildcard Detected In Domain Portion of Content Security Policy (CSP) Directive Information

Wildcard Detected In Port Portion of Content Security Policy (CSP) Directive Information

Wildcard Detected In Scheme Portion of Content Security Policy (CSP) Directive Information

WordPress Detected OWASP PC-C7 Information

WS_FTP Log File Detected CAPEC-118, WASC-13, OWASP PC-C6 Information

XOOPS Detected OWASP PC-C7 Information

YetiForce CRM Detected OWASP PC-C7 Information

YOURLS Detected OWASP PC-C7 Information

Zen Cart Detected OWASP PC-C7 Information



ZenPhoto Detected OWASP PC-C7 Information

Zikula Detected OWASP PC-C7 Information

Zurmo Detected OWASP PC-C7 Information
