Wed, 11 Feb 2026 00:00:00 GMT

Web App Scanning Plugin ID 115063 with High Severity

Synopsis

AI Service Secret Disclosure

Description

Solution

Mura/Masa CMS SQL Injection

Wed, 11 Feb 2026 00:00:00 GMT

Web App Scanning Plugin ID 114450 with Critical Severity

Synopsis

Description

Mura and Masa CMS (Open-source fork) suffer from a SQL injection vulnerability on the JSON API. By crafting a specific HTTP request, a remote and unauthenticated attacker can exploit the vulnerability to gain access to the database and perform arbitrary operations.

Solution

Upgrade Masa CMS to versions 7.2.8, 7.3.13, 7.4.6 or later. Upgrade Mura CMS to latest version and reach out vendor support to confirm vulnerability fix as there is currenty no public information available.

Generic Secret Disclosure

Wed, 11 Feb 2026 00:00:00 GMT

Web App Scanning Plugin ID 114129 with High Severity

Synopsis

Generic Secret Disclosure

Description

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private services will require authentication like API and private keys, username and password based credentials and similar sensitive data.

Developers sometimes hard code such data in various places of their applications, without realizing that it could become publicly available in client-side JavaScript or, for example, HTML comments. By leveraging these sensitive information, a remote and unauthenticated attacker could gain privileged access to critical services used by the web application and the organization or to conduct password spraying attacks.

Mon, 17 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115027 with Medium Severity

Synopsis

Lucee Administration Panel Login Form Detected

Description

Lucee Administration Panel has been detected on the target web application.

This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.

Solution

Restrict access to administrative functionality using a .htaccess file, limiting access to known IP Addresses.

External Backend API Detected

Mon, 17 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 114128 with Info Severity

Synopsis

External Backend API Detected

Description

Modern web applications often rely on a third party service as a backend when they are built with a micro-service architecture or using a third party SaaS service. In such deployments, it is recommended to perform additional scans directly against these backend hosts (with the consent and approval of their respective owners and hosting companies) to ensure a wide coverage of the web applications services in use.

Solution

Symfony Secret Fragments Remote Code Execution

Mon, 17 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 112685 with Critical Severity

Synopsis

Symfony Secret Fragments Remote Code Execution

Description

The Symfony framework or Symfony based projects uses a secret that is used for its cryptographic operations such as the creation of cookies or anti-CSRF tokens.

A feature (not enabled by default) allows to execute arbitrary PHP code via a GET parameter.

If this secret is exposed, through a vulnerability or due to the use of a weak/default secret, then an attacker will be able to abuse this feature to forge a URL with arbitrary PHP code, allowing remote code execution on the machine.

Solution

It is necessary to make sure that the APP_SECRET variable of your Symfony project has no default value, that it is random and sufficiently robust.

Drupal 8.0.x < 10.3.13 Multiple Vulnerabilities

Thu, 13 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 114607 with High Severity

Synopsis

Drupal 8.0.x < 10.3.13 Multiple Vulnerabilities

Description

Provides scan information and statistics of plugins run.

Solution

Custom HTTP Header Detected

Tue, 04 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115006 with Info Severity

Synopsis

Custom HTTP Header Detected

Description

This is an informational notice that the scanner was able to detect custom HTTP headers in the target application's responses.

Thu, 10 Jul 2025 00:00:00 GMT

Web App Scanning Plugin ID 98109 with Medium Severity

Synopsis

DOM-based Cross-Site Scripting (XSS)

Description

Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction.

Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject scripts into a request and have the server return the script to the client, DOM XSS does not require that a request be sent to the server and may be abused entirely within the loaded page.

This occurs when elements of the DOM (known as the sources) are able to be manipulated to contain untrusted data, which the client-side scripts (known as the sinks) use or execute an unsafe way.

Scanner has discovered that by inserting an HTML element into the page's DOM inputs (sources), it was possible to then have the HTML element rendered as part of the page by the sink.

Solution

Client-side document rewriting, redirection, or other sensitive action, using untrusted data, should be avoided wherever possible, as these may not be inspected by server side filtering.
To remedy DOM XSS vulnerabilities where these sensitive document actions must be used, it is essential to:
1. Ensure any untrusted data is treated as text, as opposed to being interpreted as code or mark-up within the page. 2. Escape untrusted data prior to being used within the page. Escaping methods will vary depending on where the untrusted data is being used. (See references for details.) 3. Use `document.createElement`, `element.setAttribute`, `element.appendChild`, etc. to build dynamic interfaces as opposed to HTML rendering methods such as `document.write`, `document.writeIn`, `element.innerHTML`, or `element.outerHTML `etc.

MCP Server SSE DNS Rebinding

Thu, 03 Jul 2025 00:00:00 GMT

Web App Scanning Plugin ID 114885 with Medium Severity

Synopsis

MCP Server SSE DNS Rebinding

Description

ModelContextProtocol (MCP) servers using SSE (Server-Sent Events) transport mode are prone to DNS rebinding attacks when they do not enforce strict verification of both the 'Origin' and 'Host' headers. This vulnerability allows an attacker to bypass same-origin policies, potentially leading to unauthorized access to sensitive data or actions on behalf of the user in the context of the vulnerable MCP server.

This detection is included in the AI and LLM category.

Solution

Ensure that the MCP server enforces both the 'Origin' and the 'Host' header validation to prevent DNS rebinding attacks. This can be achieved by implementing strict validation rules for incoming requests, ensuring that the 'Host' header matches the expected domain and that the 'Origin' header is from a trusted source.

SimpleHelp Detected

Thu, 03 Jul 2025 00:00:00 GMT

Web App Scanning Plugin ID 114655 with Info Severity

Synopsis

SimpleHelp Detected

Description

This is an informational notice that the scanner was able to detect a SimpleHelp instance on the target server.

Note that this detection is included in the Remote Access Tools category.

Fri, 16 May 2025 00:00:00 GMT

Web App Scanning Plugin ID 113973 with Info Severity

Synopsis

Web Services Description Language (WSDL) File Detected

Description

A Web Services Description Language (WSDL) file has been detected on this url.

Remove the detected file(s) immediately from the web application if they are embedded in it, and ensure that the script is not loaded from any untrusted external source. Some vendors have already put some mitigations in place to rewrite content using the malicious `polyfill.io` domain or to serve a safe version of the library.

Local File Inclusion

Thu, 17 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 98125 with High Severity

Synopsis

Local File Inclusion

Description

Solution

It is recommended that untrusted data is never used to form a file location to be included.
To validate data, the application should ensure that the supplied value for a file is permitted. This can be achieved by performing whitelisting on the parameter value, by matching it against a list of permitted files. If the supplied value does not match any value in the whitelist, then the server should redirect to a standard error page.
In some scenarios, where dynamic content is being requested, it may not be possible to perform validation against a list of trusted resources, therefore the list must also become dynamic (updated as the files change), or perform filtering to remove extraneous user input (such as semicolons, periods etc.) and only permit `a-z0-9`.
It is also advised that sensitive files are not stored within the web root and that the user permissions enforced by the directory are correct.

Operating System Command Injection

Thu, 17 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 98123 with Critical Severity

Synopsis

Operating System Command Injection

Description

OS command injection occurs when user supplied input is used to form a command to be executed by the operating system.

Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being sanitized properly.

Solution

It is recommended that untrusted data is never used to form a command to be executed by the OS.
To validate data, the application should ensure that the supplied value contains only the characters that are required to perform the required action.

Path Traversal

Thu, 17 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 98100 with High Severity

Synopsis

Path Traversal

Description

Web applications occasionally use parameter values to store the location of a file which will later be required by the server.

An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example `example.com/error.php?page=404.php`.

A path traversal occurs when the parameter value (ie. path to file being called by the server) can be substituted with the relative path of another resource which is located outside of the applications working directory. The server then loads the resource and includes its contents in the response to the client.

Cyber-criminals will abuse this vulnerability to view files that should otherwise not be accessible.

A very common example of this, on *nix servers, is gaining access to the `/etc/passwd` file in order to retrieve a list of server users. This attack would look like: `yoursite.com/error.php?page=../../../../etc/passwd`

As path traversal is based on the relative path, the payload must first traverse to the file system's root directory, hence the string of `../../../../`.

Scanner discovered that it was possible to substitute a parameter value with a relative path to a common operating system file and have the contents of the file included in the response.

Tue, 25 Feb 2025 00:00:00 GMT

Web App Scanning Plugin ID 98083 with Info Severity

Synopsis

CAPTCHA Detection

Description

Detects any known CAPTCHA products being used on a page.

Mon, 23 Dec 2024 00:00:00 GMT

Web App Scanning Plugin ID 98107 with Medium Severity

Synopsis

Cross-Site Scripting (XSS) in path

Description

Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction.

Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation.

If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS).

Scanner has discovered that it is possible to insert script content directly into the requested PATH and have it returned in the server's response. For example `HTTP://yoursite.com/INJECTION_HERE/`, where `INJECTION_HERE` represents the location where the scanner payload was injected.

Carefully evaluate which sites will be allowed to make cross-domain calls.
Consider network topology and any authentication mechanisms that will be affected by the configuration or implementation of the cross-domain policy.

Insecure Cross-Domain Policy (allow-access-from)

Tue, 26 Nov 2024 00:00:00 GMT

Express.js Cookie-Session Weak Secret Key

Description

Express.js applications with Cookie-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations.

When a weak or easily guessable application key is used, it compromises the security of the entire application. Attackers can potentially decrypt sensitive data, forge valid session cookies, or even execute remote code in some scenarios.

Solution

The secret key used to sign the cookies in the application must be stronger (long and random) to prevent it from being retrieved with a bruteforce attack.

Performance Telemetry

Thu, 03 Oct 2024 00:00:00 GMT

Web App Scanning Plugin ID 113393 with Info Severity

Synopsis

Performance Telemetry

Description

This finding provides information to assist in scan performance tuning.

Upgrade to nginx 1.2.9 or later.

Nginx < 1.4.1 ngx_http_proxy_module.c Multiple Vulnerabilities

Fri, 06 Sep 2024 00:00:00 GMT

Web App Scanning Plugin ID 98950 with Critical Severity

Synopsis

Nginx < 1.4.1 ngx_http_proxy_module.c Multiple Vulnerabilities

Description

Solution

Upgrade to nginx 1.4.1 or later.

Atlassian Confluence 8.6.x < 8.9.1 Cross-Site Scripting

Fri, 06 Sep 2024 00:00:00 GMT

Web App Scanning Plugin ID 114379 with High Severity

Synopsis

Atlassian Confluence 8.6.x < 8.9.1 Cross-Site Scripting

Description

Description

Description

Description

Description

According to its Server response header, the installed version of nginx is prior to 1.22.1 or 1.23.x prior to 1.23.2. It is, therefore, affected by two security issues which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx version 1.23.2 or later.

Nginx < 1.22.1 Multiple Vulnerabilities

Fri, 06 Sep 2024 00:00:00 GMT

Web App Scanning Plugin ID 113420 with Critical Severity

Synopsis

Nginx < 1.22.1 Multiple Vulnerabilities

Description

Solution

Upgrade to nginx version 1.22.1 or later.

XPath Injection

Mon, 12 Aug 2024 00:00:00 GMT

Web Cache Poisoning

OpenAPI file could not be imported and cannot be used during the scan.

Solution

OpenAPI Import Success

Mon, 27 May 2024 00:00:00 GMT

Web App Scanning Plugin ID 112569 with Info Severity

Synopsis

OpenAPI Import Success

Description

OpenAPI file was successfully imported and can be used during the scan.

CrushFTP < 10.7.1 / 11.x < 11.1.0 VFS Sandbox Escape

Wed, 24 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 114273 with Critical Severity

Synopsis

CrushFTP < 10.7.1 / 11.x < 11.1.0 VFS Sandbox Escape

Description

CrushFTP versions prior to 10.7.1 and 11.x < 11.1.0 are vulnerable to a "VFS Sandbox Escape" allowing a remote attacker with low privileges to read files from the file system outside the sandbox.

Solution

Upgrade to CrushFTP version 10.7.1 or 11.1.0 or later.

Permissive HTTP Strict Transport Security Policy Detected

Mon, 22 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 98715 with Low Severity

Synopsis

Permissive HTTP Strict Transport Security Policy Detected

Description

Description

This plugin is raised when the scanner has not been able to authenticate against the web application using the Selenium script provided in the scan policy.

Check the output of the plugin to get an explanation of the issue encountered by the scan.

Solution

Edit scan policy and update the Selenium script using the information provided in the plugin output.

Selenium Authentication Succeeded

Tue, 09 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 98141 with Info Severity

Synopsis

Selenium Authentication Succeeded

Description

This is an informational notice that the scanner was able to successfully authenticate against the web application using the Selenium script provided in the scan policy.

Solution

Cookie Authentication Failed

Tue, 09 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 98140 with Info Severity

Synopsis

Cookie Authentication Failed

Description

This plugin is raised when the scanner has not been able to authenticate against the web application using the cookies provided in the scan policy.

Check the output of the plugin to get an explanation of the issue encountered by the scan.

Solution

Edit scan policy and update the cookies using the information provided in the plugin output.

Cookie Authentication Succeeded

Tue, 09 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 98139 with Info Severity

Synopsis

Cookie Authentication Succeeded

Description

This is an informational notice that the scanner was able to successfully authenticate against the web application using the cookies provided in the scan policy.

Solution

Login Form Authentication Succeeded

Tue, 09 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 98035 with Info Severity

Synopsis

Description

This is an informational notice that the scanner was able to successfully authenticate against the web application using the login form credentials provided in the scan policy.

Solution

Login Form Authentication Failed

Tue, 09 Apr 2024 00:00:00 GMT

This is an informational notice that the scanner was able to successfully authenticate against the web application using the bearer authentication credentials provided in the scan policy.

Solution

API Key Authentication Failed

Tue, 09 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 113011 with Info Severity

Synopsis

API Key Authentication Failed

Description

This plugin is raised when the scanner has not been able to authenticate against the web application using the API key credentials provided in the scan policy.

Check the output of the plugin to get an explanation of the issue encountered by the scan.

Solution

Edit scan policy and update the API key authentication credentials using the information provided in the plugin output.

API Key Authentication Succeeded

Tue, 09 Apr 2024 00:00:00 GMT

Web App Scanning Plugin ID 113010 with Info Severity

Synopsis

API Key Authentication Succeeded

Description

This is an informational notice that the scanner was able to successfully authenticate against the web application using the API key credentials provided in the scan policy.

Adobe ColdFusion Remote Code Execution

Mon, 25 Mar 2024 00:00:00 GMT

Web App Scanning Plugin ID 114042 with Critical Severity

Synopsis

Adobe ColdFusion Remote Code Execution

Description

Adobe ColdFusion prior to versions 2018 Update 19, 2021 Update 9 or 2023 Update 3, suffer from an Insecure Deserialization vulnerability through the `argumentCollection` parameter on `/CFIDE/adminapi/accessmanager.cfc` endpoint. By leveraging this vulnerability, a remote unauthenticated attacker could achieve a remote code execution on the target ColdFusion instance.

Solution

Upgrade to Adobe ColdFusion versions 2018 Update 19, 2021 Update 9, 2023 Update 3 or later.

Duplicate HTTP Headers Detected

Mon, 25 Mar 2024 00:00:00 GMT

Web App Scanning Plugin ID 113333 with Info Severity

Synopsis

Duplicate HTTP Headers Detected

Description

Multiple HTTP headers of the same name have been detected. RFC 7230 states a server must not generate multiple header fields with the same field name unless either the entire field value for that header field is defined as a comma-separated list, or the header field is a well-known exception. Strings split across multiple header instances may have unpredictable results, since other elements such as command and whitespace may be inserted during recombination outside the control of the originating serializer.

Solution

Ensure that any HTTP header or meta tag http-equiv declarations are named uniquely.

Report Only Content Security Policy Detected

Mon, 25 Mar 2024 00:00:00 GMT

Web App Scanning Plugin ID 112555 with Info Severity

Synopsis

Report Only Content Security Policy Detected

Description

Solution

Ensure that Content Security Policy is configured in enforcing mode on your website by adding 'Content-Security-Policy' HTTP header or meta tag http-equiv='Content-Security-Policy' and removing the 'Content-Security-Policy-Report-Only' HTTP header or meta tag http-equiv='Content-Security-Policy-Report-Only if not needed

Missing 'Cache-Control' Header

Mon, 25 Mar 2024 00:00:00 GMT

Web App Scanning Plugin ID 112553 with Low Severity

Synopsis

Missing 'Cache-Control' Header

Description

The HTTP 'Cache-Control' header is used to specify directives for caching mechanisms.

The server did not return or returned an invalid 'Cache-Control' header which means page containing sensitive information (password, credit card, personal data, social security number, etc) could be stored on client side disk and then be exposed to unauthorised persons. This URL is flagged as a specific example.

Solution

Configure your web server to include a 'Cache-Control' header with appropriate directives. If page contains sensitive information 'Cache-Control' value should be 'no-store' and 'Pragma' header value should be 'no-cache'.

Missing Content Security Policy

Mon, 25 Mar 2024 00:00:00 GMT

Web App Scanning Plugin ID 112551 with Low Severity

Synopsis

Missing Content Security Policy

Description

Solution

Configure Content Security Policy on your website by adding 'Content-Security-Policy' HTTP header or meta tag http-equiv='Content-Security-Policy'.

HTTP Strict Transport Security Policy Detected

Mon, 25 Mar 2024 00:00:00 GMT

Web App Scanning Plugin ID 112535 with Info Severity

Synopsis

HTTP Strict Transport Security Policy Detected

Description

HTTP Strict Transport Security (HSTS) is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS.

The HSTS policy can be defined with the following settings :

- max-age: the time, in seconds, that the browser should remember that a site is only to be accessed in HTTPS.

- includeSubDomains (optional) : if this attribute is specified, the policy applies to all current site subdomains.

- preload (optional) : Google maintains a compiled list of domains which is directly distributed in some browsers to enforce HTTPS without checking for the HSTS HTTP header. As the domain submission process is public, the preload attribute is used as a validation when a domain is submitted for preloading.

The scanner detected a HSTS policy on the target application.

Selenium Crawl Succeeded

Fri, 02 Feb 2024 00:00:00 GMT

Web App Scanning Plugin ID 98143 with Info Severity

Synopsis

Selenium Crawl Succeeded

Description

This is an informational notice that the scanner was able to successfully perform the crawling scripts provided in the policy.

Description

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.x prior to 7.19.17, 8.x prior to 8.5.5 or 8.6.x prior to 8.7.2. It is, therefore, affected by a remote code execution vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Atlassian Confluence version 8.7.2 or later.

Atlassian Confluence 8.x < 8.5.5 Remote Code Execution

Wed, 24 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 114152 with High Severity

Synopsis

Atlassian Confluence 8.x < 8.5.5 Remote Code Execution

Description

Solution

Upgrade to Atlassian Confluence version 8.5.5 or later.

Atlassian Confluence 7.13.x < 7.19.17 Remote Code Execution

Wed, 24 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 114151 with High Severity

Synopsis

Atlassian Confluence 7.13.x < 7.19.17 Remote Code Execution

A broken access control allows unauthorized access to webservice endpoints allowing access to sensitive information such as database login information.

Solution

Upgrade to Joomla! version 4.2.8 or later.

Content Injection

Fri, 19 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 113212 with Low Severity

Synopsis

Content Injection

Description

Content Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically used as, or in conjunction with, social engineering by transmitting a URL that completely modifies the target page with, for example, a fake authentication test pattern in order to steal the user's identifiers. In some cases, this attack can also lead directly or indirectly to a Cross-Site Scripting or a client-side JSON injection.

Solution

To remedy to Content Injection vulnerabilities, it is important to never use untrusted or unfiltered data within the code of a HTML page.
Untrusted data can originate not only form the client but potentially a third party or previously uploaded file etc.
Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include:
* `&` * `<` * `>` * `'` * `'` * `/`
An example of HTML entity encoding is converting `<` to `<`.
Although it is possible to filter untrusted input, there are five locations within an HTML page where untrusted input (even if it has been filtered) should never be placed:
1. Directly in a script. 2. Inside an HTML comment. 3. In an attribute name. 4. In a tag name. 5. Directly in CSS.
Each of these locations have their own form of escaping and filtering.

Microsoft SharePoint Server 2013 < 15.0.5311.1000 Multiple Vulnerabilities

Fri, 19 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 112943 with High Severity

Synopsis

Microsoft SharePoint Server 2013 < 15.0.5311.1000 Multiple Vulnerabilities

Description

Description

Description

Description

A OpenAPI configuration file has been detected and is available as an attachment below. OpenAPI is a specification that helps with documentation and consumption of REST APIs and may also be used to configure API scanning.

Solution

Nginx < 1.6.2 SSL Session Reuse

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 98960 with Medium Severity

Synopsis

Nginx < 1.6.2 SSL Session Reuse

Description

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the file 'event/ngx_event_openssl.c' that could allow a remote attacker to obtain sensitive information or to take control of a session. This issue only affects servers having multiple 'server{}' configurations sharing the same values for 'ssl_session_cache' or 'ssl_session_ticket_key'.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx 1.6.2 or later.

Nginx < 1.7.5 SSL Session Reuse

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 98959 with Medium Severity

Synopsis

Nginx < 1.7.5 SSL Session Reuse

Description

Solution

Upgrade to nginx 1.7.5 or later.

Nginx < 1.6.1 SMTP STARTTLS Command Injection

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 98958 with High Severity

Synopsis

Nginx < 1.6.1 SMTP STARTTLS Command Injection

Description

According to the self-reported version in the server response header, the version of nginx installed on the remote host is 1.5.6 or higher, 1.6.x prior to 1.6.1, or 1.7.x prior to 1.7.4. It is, therefore, affected by a command injection vulnerability. A flaw exists in the function 'ngx_mail_smtp_starttls' within the file 'src/mail/ngx_mail_smtp_handler.c' whereby input to the STARTTLS command is not properly sanitized. This could allow a remote attacker in a privileged network position to obtain sensitive information by injecting commands into an SSL session. This issue is exploitable only when nginx is used as an SMTP proxy.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx 1.6.1 or later.

Nginx < 1.7.4 SMTP STARTTLS Command Injection

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 98957 with High Severity

Synopsis

Nginx < 1.7.4 SMTP STARTTLS Command Injection

Description

Solution

Upgrade to nginx 1.7.4 or later.

Nginx < 1.4.4 ngx_parse_http Security Bypass

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 98953 with Critical Severity

Synopsis

Nginx < 1.4.4 ngx_parse_http Security Bypass

Description

According to the self-reported version in the Server response header, the installed version of nginx is greater than 0.8.41 but prior to 1.4.4 / 1.5.7. It is, therefore, affected by a security bypass vulnerability in 'ngx_http_parse.c' when a file with a space at the end of the URI is requested.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx 1.4.4 or later.

Nginx < 1.5.7 ngx_parse_http Security Bypass

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 98952 with Critical Severity

Synopsis

Nginx < 1.5.7 ngx_parse_http Security Bypass

Solution

Upgrade to Atlassian Jira version 6.5.0.2 or later.

Atlassian Jira < 6.4.3.1 / 6.5.x < 6.5.0.2 / 7.x < 7.0.3 Software Tempo Plugin Xml Denial Of Service

Wed, 03 Jan 2024 00:00:00 GMT

Web App Scanning Plugin ID 113819 with Medium Severity

Synopsis

Atlassian Jira < 6.4.3.1 / 6.5.x < 6.5.0.2 / 7.x < 7.0.3 Software Tempo Plugin Xml Denial Of Service

Solution

Upgrade to Kibana version 7.14.1 or later.

Kibana 7.14.0 HTML Injection

Wed, 06 Dec 2023 00:00:00 GMT

Web App Scanning Plugin ID 113520 with High Severity

Synopsis

Kibana 7.14.0 HTML Injection

The scan detected that the web application makes requests that appear to be using Fetch or XMLHTTPRequests (XHRs) to communicate with a backend API server. Fetchs/XHRs allow retrieval of data from an API without triggering a page reload, making them especially useful for Single Page Applications.

E-mail Address Disclosure

Fri, 17 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 98078 with Info Severity

Synopsis

E-mail Address Disclosure

Description

Email addresses are typically found on "Contact us" pages, however, they can also be found within scripts or code comments of the application. They are used to provide a legitimate means of contacting an organisation.

As one of the initial steps in information gathering, cyber-criminals will spider a website and using automated methods collect as many email addresses as possible, that they may then use in a social engineering attack.

Using the same automated methods, scanner was able to detect one or more email addresses that were stored within the affected page.

Solution

E-mail addresses should be presented in such a way that it is hard to process them automatically.

Cookies Collected

Fri, 17 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 98061 with Info Severity

Synopsis

Cookies Collected

Description

The scanner collected the cookies returned by the application during the scan. The list includes the following information for each cookie:
- Name: name of the cookie
- Value: value of the cookie
- Domain: hosts to which the cookie will be sent
- Path: URL path which must exist in the requested resource before sending the cookie
- Expires: maximum lifetime of the cookie as an HTTP-date timestamp
- Max-Age: number of seconds until the cookie expires
- HttpOnly: cookie is set to be not accessible via JavaScript, XMLHttpRequest and Request APIs
- Secure: cookie will be sent to the server only when a request is made using HTTPS
- SameSite: cookie will be sent along with cross-site request according the defined policy
- URL: first URL discovered which set the cookie in its response
- Set-Method: method used by the application to set the cookie (Set-Cookie or JavaScript)
- Audited: cookie will be audited by plugins during the scan
- Reason Not Audited: reason given for the cookie not being audited during the scan

Solution

Technologies Detected

Fri, 17 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 98059 with Info Severity

Synopsis

Technologies Detected

Description

This is an informational plugin to inform the user what technologies the framework has detected on the target application, which can then be examined and checked for known vulnerable software versions

Solution

Only use components that do not have known vulnerabilities, only use components that when combined to not introduce a security vulnerability, and ensure that a misconfiguration does not cause any vulnerabilities

Network Timeout Encountered

Fri, 17 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 98019 with Info Severity

Synopsis

Network Timeout Encountered

Description

Provides a report of network timeouts encountered during the scan, showing URLs and the number of timeouts for each URL.

Note that assessment will stop on any URLs in timeout state, and timeouts may increase significantly the overall duration of the scan.

Solution

Solution

Disable access to the phpBB Atom feed if not required, and ensure the guest group does not have access to memberlist.php.

Session Cookies Detected

Fri, 17 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 112798 with Info Severity

Synopsis

Session Cookies Detected

Description

The scanner collected the session cookies returned by the application during an authenticated scan. The list includes the following information for each cookie:
- Name: name of the cookie
- Value: value of the cookie
- Domain: hosts to which the cookie will be sent
- Path: URL path which must exist in the requested resource before sending the cookie
- HttpOnly: cookie is set to be not accessible via JavaScript, XMLHttpRequest and Request APIs
- Secure: cookie will be sent to the server only when a request is made using HTTPS
- SameSite: cookie will be sent along with cross-site request according the defined policy
- URL: first URL discovered which set the cookie in its response
- Set-Method: method used by the application to set the cookie (Set-Cookie or JavaScript)

Solution

PHP 5.6.x < 5.6.14 Multiple Vulnerabilities

Wed, 15 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 98806 with High Severity

Synopsis

PHP 5.6.x < 5.6.14 Multiple Vulnerabilities

Description

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.14. It is, therefore, affected by multiple vulnerabilities :

- A NULL pointer dereference flaw exists in the phar_get_fp_offset() function in ext/phar/util.c that is triggered when pointing to a non-existent file. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

- An uninitialized pointer flaw exists in the phar_make_dirstream() function in ext/phar/dirstream.c that is triggered when handling a zip entry filename that is a single forward slash. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PHP version 5.6.14 or later.

Atlassian Confluence 8.6.x < 8.6.1 Improper Authorization

Wed, 15 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 114105 with Critical Severity

Synopsis

Atlassian Confluence 8.6.x < 8.6.1 Improper Authorization

Description

Description

According to its self-reported version number, Prototype is prior to 1.6.0.2. Therefore, it may be affected by a cross-site ajax request vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Prototype version 1.6.0.2 or later.

Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation

Tue, 07 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 114058 with Critical Severity

Synopsis

Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation

Description

Description

This plugin is raised when the scanner has not been able to authenticate against the web application using the Kerberos authentication credentials provided in the scan policy.

Check the output of the plugin to get an explanation of the issue encountered by the scan.

Solution

Edit scan policy and update the Kerberos authentication credentials using the information provided in the plugin output.

Kerberos Authentication Succeeded

Tue, 07 Nov 2023 00:00:00 GMT

Web App Scanning Plugin ID 113224 with Info Severity

Synopsis

Kerberos Authentication Succeeded

Description

This is an informational notice that the scanner was able to successfully authenticate against the web application using the Kerberos authentication credentials provided in the scan policy.

Description

Pimcore Administration Panel has been detected on the target web application.

This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.

Solution

Restrict access to administrative functionality using a .htaccess file, limiting access to known and trusted IP Addresses.

Drupal 8.7.x < 9.5.11 Cache Poisoning

Tue, 17 Oct 2023 00:00:00 GMT

Web App Scanning Plugin ID 114049 with High Severity

Synopsis

Drupal 8.7.x < 9.5.11 Cache Poisoning

Description

Description

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.15 prior to 7.13.19, 7.19.7 prior to 7.19.11 or 8.1.1 prior to 8.4.1. It is, therefore, affected by a vulnerability in the bundled Apache Tomcat. If non-default HTTP connector settings are used and maxParameterCount can be reached using query string parameters, attackers may bypass upload limits leading to a Denial of Service (DoS) attack.

Solution

Upgrade to Atlassian Confluence version 7.13.19 or later.

Google Web Toolkit Detected

Tue, 26 Sep 2023 00:00:00 GMT

Web App Scanning Plugin ID 113247 with Info Severity

Synopsis

Google Web Toolkit Detected

Description

This is an informational notice that the scanner was able to detect an application using Google Web Toolkit.

Solution

WordPress 5.3.x < 5.3.1 Multiple Vulnerabilities

Thu, 21 Sep 2023 00:00:00 GMT

Web App Scanning Plugin ID 98885 with Medium Severity

Synopsis

WordPress 5.3.x < 5.3.1 Multiple Vulnerabilities

Description

Description

Solution

Update to WordPress version 4.4.21 or latest.