Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as OWASP 2017-A6 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
RubyGems Identified
RubyGems Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Ruby on Rails Identified
Ruby on Rails Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Rukovoditel Detected
Rukovoditel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A6
, 
Information
SailsJS Identified
SailsJS Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SAML Response Signature Exclusion
SAML Response Signature Exclusion
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
High
SAML Response Without Signature
SAML Response Without Signature
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
, 
High
ScrollReveal Identified
ScrollReveal Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Select2 Identified
Select2 Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SemanticUI Identified
SemanticUI Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SeoPanel Detected
SeoPanel Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Serendipity Detected
Serendipity Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Server-Side Request Forgery (Apache Server Status)
Server-Side Request Forgery (Apache Server Status)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (elmah MVC)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Server-Side Request Forgery (Equinix)
Server-Side Request Forgery (Equinix)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
Critical
Server-Side Request Forgery (MySQL)
Server-Side Request Forgery (MySQL)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (Oracle Cloud)
Server-Side Request Forgery (Oracle Cloud)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
Critical
Server-Side Request Forgery (Packet Cloud)
Server-Side Request Forgery (Packet Cloud)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
Critical
Server-Side Request Forgery (SSH)
Server-Side Request Forgery (SSH)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
High
Server-Side Request Forgery (trace.axd)
Server-Side Request Forgery (trace.axd)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
Critical
SharePoint Identified
SharePoint Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Shopify Identified
Shopify Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Silverstripe CMS Detected
Silverstripe CMS Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Slick Identified
Slick Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SnapSvg Identified
SnapSvg Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SonicWall SSL-VPN Server Identified
SonicWall SSL-VPN Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Sortablejs Identified
Sortablejs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Spring Boot Actuator Endpoint Detected
Spring Boot Actuator Endpoint Detected
CWE-489
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Medium
Spring Boot Misconfiguration: Actuator endpoint security disabled
Spring Boot Misconfiguration: Actuator endpoint security disabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: Admin MBean enabled
Spring Boot Misconfiguration: Admin MBean enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: Developer tools enabled on production
Spring Boot Misconfiguration: Developer tools enabled on production
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: H2 console enabled
Spring Boot Misconfiguration: H2 console enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: Overly long session timeout
Spring Boot Misconfiguration: Overly long session timeout
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Boot Misconfiguration: Unsafe value for session tracking
Spring Boot Misconfiguration: Unsafe value for session tracking
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Spring Framework Identified
Spring Framework Identified
CWE-205
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Spring Misconfiguration: HTML Escaping disabled
Spring Misconfiguration: HTML Escaping disabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Squarespace Identified
Squarespace Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Squid Identified
Squid Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (Apache MyFaces)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (Apache Shiro)
Stack Trace Disclosure (Apache Shiro)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (ASP.NET)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (CakePHP Framework)
Stack Trace Disclosure (CakePHP Framework)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (CherryPy)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (ColdFusion)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Medium
Stack Trace Disclosure (Django)
Stack Trace Disclosure (Django)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (Grails)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (GraphQL)
Stack Trace Disclosure (GraphQL)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Java)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (Laravel)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Medium
Stack Trace Disclosure (Node.js)
Stack Trace Disclosure (Node.js)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (PHP)
Stack Trace Disclosure (PHP)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.2.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Stack Trace Disclosure (Python)
Stack Trace Disclosure (Python)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Stack Trace Disclosure (RoR)
Stack Trace Disclosure (RoR)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Stack Trace Disclosure (Ruby-Sinatra Framework)
Stack Trace Disclosure (Ruby-Sinatra Framework)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Medium
Static Nonce Identified in Content Security Policy (CSP)
Static Nonce Identified in Content Security Policy (CSP)
CWE-16
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Information
Struts 2 Config Browser plugin enabled
Struts 2 Config Browser plugin enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Struts 2 Development Mode Enabled
Struts 2 Development Mode Enabled
CWE-16
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
, 
Medium
Struts2 Development Mode Enabled
Struts2 Development Mode Enabled
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-16
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Sublime SFTP Config File Detected
Sublime SFTP Config File Detected
CWE-16
, 
ISO27001-A.18.1.3
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
Medium
Sugar CRM Identified
Sugar CRM Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
SVN Detected
SVN Detected
CAPEC-118
, 
CWE-527
, 
ISO27001-A.9.4.1
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
High
SwaggerUI Identified
SwaggerUI Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
SweetAlert2 Identified
SweetAlert2 Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Tableau Server Detected
Tableau Server Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Taleo Web Server Identified
Taleo Web Server Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
TCExam Detected
TCExam Detected
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Telerik Web UI Identified
Telerik Web UI Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
ThreeJs Identified
ThreeJs Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
TinyMCE Identified
TinyMCE Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information
Tomcat Identified
Tomcat Identified
CWE-205
, 
ISO27001-A.14.2.5
, 
WASC-13
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
, 
Information