|
| 1 | +"IP","HOSTNAME","LAST SCAN","QID","VULN TITLE","TYPE","SEVERITY","PORT","PROTOCOL","OPERATING SYSTEM","IS_PCI","FALSE POSITIVE STATUS","CVSS_BASE","Q_SEVERITY","THREAT","IMPACT","SOLUTION","CVSS_TEMPORAL","CATEGORY","RESULT","BUGTRAQID","CVEID" |
| 2 | +"18.238.109.17","help.example.co","2024-09-16 04:00:30","150059","Reference to Windows file path is present in HTML","POTENTIAL","M","80","tcp","","Y","-","5.3","1","Windows specific file path was detected in the response.","The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.","The content should be reviewed to determine whether it could be masked or removed.","4.7","Web Application","url: https://help.example.co/ matched: .toLowerCase().split(\ -\ ) c=b.join(\ _\ );return c}} {key:\ fetchQuery\ value:function i(a){var b=this c=this.props d=c.org e=c.domain f=this.getTransformedNavigatorLang() g=f?\ &lang=\ +f:\ \ h=\ https://\ +d.name+\ .api.\ +e+\ /p/v1/kb/deflection/search?term=\ +encodeURIComponent(a)+g;return fetch(h).then(function(a){return a.json()}).then(function(a){var c=a.data;if(c){var d=c.slice(0 5);b.setState({articl url: https://help.example.co/. matched: .toLowerCase().split(\ -\ ) c=b.join(\ _\ );return c}} {key:\ fetchQuery\ value:function i(a){var b=this c=this.props d=c.org e=c.domain f=this.getTransformedNavigatorLang() g=f?\ &lang=\ +f:\ \ h=\ https://\ +d.name+\ .api.\ +e+\ /p/v1/kb/deflection/search?term=\ +encodeURIComponent(a)+g;return fetch(h).then(function(a){return a.json()}).then(function(a){var c=a.data;if(c){var d=c.slice(0 5);b.setState({articl","-","" |
| 3 | +"18.238.109.17","help.example.co","2024-09-16 04:00:30","150059","Reference to Windows file path is present in HTML","POTENTIAL","M","443","tcp","","Y","-","5.3","1","Windows specific file path was detected in the response.","The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.","The content should be reviewed to determine whether it could be masked or removed.","4.7","Web Application","url: https://help.example.co/ matched: .toLowerCase().split(\ -\ ) c=b.join(\ _\ );return c}} {key:\ fetchQuery\ value:function i(a){var b=this c=this.props d=c.org e=c.domain f=this.getTransformedNavigatorLang() g=f?\ &lang=\ +f:\ \ h=\ https://\ +d.name+\ .api.\ +e+\ /p/v1/kb/deflection/search?term=\ +encodeURIComponent(a)+g;return fetch(h).then(function(a){return a.json()}).then(function(a){var c=a.data;if(c){var d=c.slice(0 5);b.setState({articl","-","" |
| 4 | +"44.207.58.177","jt.example.co","2024-09-15 09:00:18","11827","HTTP Security Header Not Detected","CONFIRMED","M","443","tcp","","Y","-","5.3","2","This QID reports the absence of the following <A HREF= https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers TARGET= _blank >HTTP headers</A> according to <A HREF= https://cwe.mitre.org/data/definitions/693.html TARGET= _blank >CWE-693: Protection Mechanism Failure</A>:<BR> X-Content-Type-Options: This HTTP header will prevent the browser from interpreting files as a different MIME type to what is specified in the Content-Type HTTP header. <BR> Strict-Transport-Security: The HTTP Strict-Transport-Security response header (HSTS) allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections and never via the insecure HTTP protocol.<P> <P>QID Detection Logic:<BR> This unauthenticated QID looks for the presence of the following HTTP responses:<BR> The Valid directives are as belows: X-Content-Type-Options: nosniff<P> Strict-Transport-Security: max-age=< [;includeSubDomains]<P> ","Depending on the vulnerability being exploited an unauthenticated remote attacker could conduct cross-site scripting clickjacking or MIME-type sniffing attacks.","<B>Note:</B> To better debug the results of this QID it is requested that customers execute commands to simulate the following functionality: curl -lkL --verbose.<P> CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example against the most common attacks - but it does not protect against everything that is intended. Finally an "ignored" mechanism occurs when a mechanism is available and in active use within the product but the developer has not applied it in some code path.<P> Customers are advised to set proper <A HREF= https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options TARGET= _blank >X-Content-Type-Options</A> and <A HREF= https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security TARGET= _blank >Strict-Transport-Security</A> HTTP response headers.<P> Depending on their server software customers can set directives in their site configuration or Web.config files. Few examples are:<P> X-Content-Type-Options:<BR> Apache: Header always set X-Content-Type-Options: nosniff<P> HTTP Strict-Transport-Security:<BR> Apache: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<BR> Nginx: add_header Strict-Transport-Security max-age=31536000;<P> <B>Note: Network devices that include a HTTP/HTTPS console for administrative/management purposes often do not include all/some of the security headers. This is a known issue and it is recommend to contact the vendor for a solution. </B><P>","4.7","CGI","X-Content-Type-Options HTTP Header missing on port 443. GET / HTTP/1.1 Host: jt.example.co Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0 <html><head><title>jt edge server ver v1.42.0-1-g7a7022e4 / 2022-06-09T21:08:14.000000Z</title></head><body> <small> jt edge server ver v1.42.0-1-g7a7022e4 / 2022-06-09T21:08:14.000000Z. Configure jt (/configurator) </small> </body></html>Strict-Transport-Security HTTP Header missing on port 443. HTTP/1.1 200 OK Date: Sun 15 Sep 2024 09:12:26 GMT Content-Type: text/html; charset=utf-8 Content-Length: 274 Connection: keep-alive Server: nginx/1.21.6","-","" |
| 5 | +"44.220.118.158","data.example.co","2024-09-16 04:00:30","150004","Predictable Resource Location Via Forced Browsing","CONFIRMED","M","80","tcp","","Y","-","5.3","2","A file directory or directory listing was discovered on the Web server. These resources are confirmed to be present based on our logic. Some of the content on these files might have sensitive information. <P>NOTE: Links found in 150004 are found by forced crawling so will not automatically be added to 150009 Links Crawled or the application site map. If links found in 150004 need to be tested they must be added as Explicit URI so they are included in scope and then will be reported in 150009. Once the link is added to be in scope (i.e. Explicit URI) this same link will no longer be reported for 150004.","The contents of this file or directory may disclose sensitive information.","It is advised to review the contents of the disclosed files. If the contents contain sensitive information please verify that access to this file or directory is permitted. If necessary remove it or apply access controls to it.","4.7","Web Application","url: https://data.example.co/wp-content/uploads/2023/01/image.png Payload: https://data.example.co/feed/image/ comment: Found this Vulnerability for redirect link: https://data.example.co/wp-content/uploads/2023/01/image.png. It was redirected from: https://data.example.co/feed/image/. Original URL is: https://data.example.co/feed/ matched: HTTP/1.1 200 OK url: https://data.example.co/wp-content/uploads/2023/08/download.svg Payload: https://data.example.co/feed/download/ comment: Found this Vulnerability for redirect link: https://data.example.co/wp-content/uploads/2023/08/download.svg. It was redirected from: https://data.example.co/feed/download/. Original URL is: https://data.example.co/feed/ matched: HTTP/1.1 200 OK url: https://data.example.co/test-flow-shopify-bw/ Payload: https://data.example.co:443/test/ comment: Found this Vulnerability for redirect link: https://data.example.co/test-flow-shopify-bw/. It was redirected from: https://data.example.co:443/test/. Original URL is: https://data.example.co:443/. matched: HTTP/1.1 200 OK url: https://data.example.co/wp-content/uploads/2023/08/users.svg Payload: https://data.example.co/feed/users/ comment: Found this Vulnerability for redirect link: https://data.example.co/wp-content/uploads/2023/08/users.svg. It was redirected from: https://data.example.co/feed/users/. Original URL is: https://data.example.co/feed/ matched: HTTP/1.1 200 OK","-","" |
0 commit comments