...
| ID | Rule | CWE ID | OWASP | Risk | Type | Profile |
|---|---|---|---|---|---|---|
| 0 | Directory Browsing | 548 | A01:2021 | medium | Active | Web/REST/SOAP |
| 2 | Private IP Disclosure | 200 | A01:2021 | low | Passive | Web/REST/SOAP |
| 3 | Session ID in URL Rewrite | 200 | A01:2021 | medium | Passive | Web/REST/SOAP |
| 6 | Path Traversal | 22 | A03:2021 | high | Active | Web/REST/SOAP |
| 7 | Remote File Inclusion | 98 | A03:2021 | high | Active | Web/REST |
| 41 | Source Code Disclosure - Git | 541 | A05:2021 | high | Active | Web/REST/SOAP |
| 42 | Source Code Disclosure - SVN | 541 | A05:2021 | medium | Active | Web/REST/SOAP |
| 43 | Source Code Disclosure - File Inclusion | 541 | A05:2021 | high | Active | Web/REST/SOAP |
| 10003 | Vulnerable JS Library | 829 | A06:2021 | medium | Passive | Web/REST/SOAP |
| 10009 | In Page Banner Information Leak | 200 | A05:2021 | low | Passive | Web/REST/SOAP |
| 10010 | Cookie No HttpOnly Flag | 1004 | A05:2021 | low | Passive | Web/REST/SOAP |
| 10011 | Cookie Without Secure Flag | 614 | A05:2021 | low | Passive | Web/REST/SOAP |
| 10015 | Incomplete or No Cache-control Header Set | 525 | Unspecified | low | Passive | Web/REST |
| 10017 | Cross-Domain JavaScript Source File Inclusion | 829 | A08:2021 | low | Passive | Web/REST/SOAP |
| 10019 | Content-Type Header Missing | 345 | A05:2021 | informational | Passive | Web/REST/SOAP |
| 10020 | Anti-clickjacking Header | 1021 | Unspecified | medium | Passive | Web/REST/SOAP |
| 10021 | X-Content-Type-Options Header Missing | 693 | A05:2021 | low | Passive | Web/REST |
| 10023 | Information Disclosure - Debug Error Messages | 200 | A01:2021 | low | Passive | Web/REST/SOAP |
| 10024 | Information Disclosure - Sensitive Information in URL | 200 | A01:2021 | informational | Passive | Web/REST/SOAP |
| 10025 | Information Disclosure - Sensitive Information in HTTP Referrer Header | 200 | A01:2021 | informational | Passive | Web/REST/SOAP |
| 10026 | HTTP Parameter Override | 20 | A04:2021 | medium | Passive | Web/REST/SOAP |
| 10027 | Information Disclosure - Suspicious Comments | 200 | A01:2021 | informational | Passive | Web/REST/SOAP |
| 10028 | Open Redirect | 601 | A03:2021 | high | Passive | Web/REST/SOAP |
| 10029 | Cookie Poisoning | 20 | A03:2021 | informational | Passive | Web/REST/SOAP |
| 10030 | User Controllable Charset | 20 | A03:2021 | informational | Passive | Web/REST/SOAP |
| 10031 | User Controllable HTML Element Attribute (Potential XSS) | 20 | A03:2021 | informational | Passive | Web/REST/SOAP |
| 10032 | Viewstate | 642 | Unspecified | high, medium, low, informational | Passive | Web/REST/SOAP |
| 10033 | Directory Browsing | 548 | A01:2021 | medium | Passive | Web/REST/SOAP |
| 10034 | Heartbleed OpenSSL Vulnerability (Indicative) | 119 | A09:2021 | high | Passive | Web/REST/SOAP |
| 10035 | Strict-Transport-Security Header | 319 | A05:2021 | low, informational | Passive | Web/REST/SOAP |
| 10036 | HTTP Server Response Header | 200 | A05:2021 | low, informational | Passive | Web/REST/SOAP |
| 10037 | Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s) | 200 | A01:2021 | low | Passive | Web/REST/SOAP |
| 10038 | Content Security Policy (CSP) Header Not Set | 693 | A05:2021 | medium, informational | Passive | Web/REST/SOAP |
| 10039 | X-Backend-Server Header Information Leak | 200 | A05:2021 | low | Passive | Web/REST/SOAP |
| 10040 | Secure Pages Include Mixed Content | 311 | A05:2021 | medium, low | Passive | Web/REST/SOAP |
| 10041 | HTTP to HTTPS Insecure Transition in Form Post | 319 | A02:2021 | medium | Passive | Web/REST/SOAP |
| 10042 | HTTPS to HTTP Insecure Transition in Form Post | 319 | A02:2021 | medium | Passive | Web/REST/SOAP |
| 10043 | User Controllable JavaScript Event (XSS) | 20 | A03:2021 | info | Passive | Web/REST/SOAP |
| 10044 | Big Redirect Detected (Potential Sensitive Information Leak) | 201 | A04:2021 | low | Passive | Web/REST/SOAP |
| 10045 | Source Code Disclosure - /WEB-INF folder | 541 | A05:2021 | high | Active | Web/REST/SOAP |
| 10047 | HTTPS Content Available via HTTP | 311 | A05:2021 | low | Active | Web/REST/SOAP |
| 10048 | Remote Code Execution - Shell Shock | 78 | A09:2021 | high | Active | Web/REST/SOAP |
| 10049 | Content Cacheability | 524 | Unspecified | informational | Passive | Web/REST |
| 10050 | Retrieved from Cache | Unspecified | Unspecified | informational | Passive | Web/REST/SOAP |
| 10051 | Relative Path Confusion | 20 | A05:2021 | medium | Active | Web |
| 10052 | X-ChromeLogger-Data (XCOLD) Header Information Leak | 200 | A04:2021 | medium | Passive | Web/REST/SOAP |
| 10054 | Cookie without SameSite Attribute | 1275 | A01:2021 | low | Passive | Web/REST/SOAP |
| 10055 | CSP | 693 | A05:2021 | medium, low, informational | Passive | Web/REST/SOAP |
| 10056 | X-Debug-Token Information Leak | 200 | A01:2021 | low | Passive | Web/REST/SOAP |
| 10057 | Username Hash Found | 284 | A01:2021 | informational | Passive | Web/REST/SOAP |
| 10061 | X-AspNet-Version Response Header | 933 | A05:2021 | low | Passive | Web/REST/SOAP |
| 10062 | PII Disclosure | 359 | A04:2021 | high | Passive | Web/REST/SOAP |
| 10063 | Permissions Policy Header Not Set | 16 | A01:2021 | low | Passive | Web/REST/SOAP |
| 10070 | Use of SAML | Unspecified | Unspecified | informational | Passive | Web/REST/SOAP |
| 10094 | Base64 Disclosure | 200 | A04:2021 | high, informational | Passive | Web/REST/SOAP |
| 10095 | Backup File Disclosure | 530 | A04:2021 | medium | Active | Web/REST/SOAP |
| 10096 | Timestamp Disclosure | 200 | A01:2021 | informational | Passive | Web/REST/SOAP |
| 10097 | Hash Disclosure | 200 | A04:2021 | high, low | Passive | Web/REST/SOAP |
| 10098 | Cross-Domain Misconfiguration | 264 | A01:2021 | medium | Passive | Web/REST/SOAP |
| 10099 | Source Code Disclosure | 540 | A05:2021 | medium | Passive | Web/REST/SOAP |
| 10103 | Image Location and Privacy Scanner | 200 | Unspecified | informational | Passive | Web/REST/SOAP |
| 10105 | Weak Authentication Method | 287 | A01:2021 | high, medium | Passive | Web/REST/SOAP |
| 10106 | HTTP Only Site | 311 | A05:2021 | medium | Active | Web/REST/SOAP |
| 10107 | Httpoxy - Proxy Header Misuse | 20 | A06:2021 | high | Active | Web/REST/SOAP |
| 10108 | Reverse Tabnabbing | Unspecified | A04:2021 | medium | Passive | Web/REST/SOAP |
| 10109 | Modern Web Application | Unspecified | Unspecified | informational | Passive | Web/REST/SOAP |
| 10110 | Dangerous JS Functions | 749 | A04:2021 | low | Passive | Web/REST/SOAP |
| 10202 | Absence of Anti-CSRF Tokens | 352 | A01:2021 | low, informational | Passive | Web/REST/SOAP |
| 20012 | Anti-CSRF Tokens Check | 352 | A05:2021 | high | Active | Web |
| 20015 | Heartbleed OpenSSL Vulnerability | 119 | A06:2021 | high | Active | Web/REST/SOAP |
| 20016 | Cross-Domain Misconfiguration | 264 | A01:2021 | high | Active | Web/REST/SOAP |
| 20017 | Source Code Disclosure - CVE-2012-1823 | 20 | A06:2021 | high | Active | Web/REST/SOAP |
| 20018 | Remote Code Execution - CVE-2012-1823 | 20 | A06:2021 | high | Active | Web/REST/SOAP |
| 20019 | External Redirect | 601 | A03:2021 | high | Active | Web/REST |
| 30001 | Buffer Overflow | 120 | A03:2021 | medium | Active | Web/REST/SOAP |
| 30002 | Format String Error | 134 | A03:2021 | medium | Active | Web/REST/SOAP |
| 30003 | Integer Overflow Error | 190 | A03:2021 | medium | Active | Web/REST |
| 40003 | CRLF Injection | 113 | A03:2021 | medium | Active | Web/REST |
| 40008 | Parameter Tampering | 472 | A04:2021 | medium | Active | Web/REST/SOAP |
| 40009 | Server Side Include | 97 | A03:2021 | high | Active | Web/REST |
| 40012 | Cross Site Scripting (Reflected) | 79 | A03:2021 | high | Active | Web/REST |
| 40013 | Session Fixation | 384 | A01:2021 | high | Active | Web/REST/SOAP |
| 40014 | Cross Site Scripting (Persistent) | 79 | A03:2021 | high | Active | Web/REST |
| 40015 | LDAP Injection | 90 | A03:2021 | high | Active | Web/REST/SOAP |
| 40016 | Cross Site Scripting (Persistent) - Prime | 79 | Unspecified | informational | Active | Web/REST |
| 40017 | Cross Site Scripting (Persistent) - Spider | 79 | Unspecified | informational | Active | Web/REST |
| 40018 | SQL Injection | 89 | A03:2021 | high | Active | Web/REST/SOAP |
| 40025 | Proxy Disclosure | 200 | A05:2021 | medium | Active | Web/REST/SOAP |
| 40028 | ELMAH Information Leak | 215 | A05:2021 | medium | Active | Web/REST/SOAP |
| 40029 | Trace.axd Information Leak | 215 | A05:2021 | medium | Active | Web/REST/SOAP |
| 40031 | Out of Band XSS | 79 | A03:2021 | high | Active | Web/REST |
| 40032 | .htaccess Information Leak | 215 | A05:2021 | medium | Active | Web/REST/SOAP |
| 40034 | .env Information Leak | 215 | A05:2021 | medium | Active | Web/REST/SOAP |
| 40035 | Hidden File Finder | 538 | A05:2021 | medium | Active | Web/REST/SOAP |
| 40038 | Bypassing 403 | Unspecified | A01:2021 | medium | Active | Web/REST/SOAP |
| 40039 | Web Cache Deception | Unspecified | A05:2021 | medium | Active | Web/REST/SOAP |
| 40040 | CORS Header | 942 | A01:2021 | high, medium, informational | Active | Web/REST |
| 40042 | Spring Actuator Information Leak | 215 | A01:2021 | medium | Active | Web/REST/SOAP |
| 40044 | Exponential Entity Expansion (Billion Laughs Attack) | 776 | A04:2021 | medium | Active | Web/REST/SOAP |
| 40045 | Spring4Shell | 78 | A03:2021, A06:2021 | high | Active | Web/REST/SOAP |
| 90001 | Insecure JSF ViewState | 642 | A04:2021 | medium | Passive | Web/REST/SOAP |
| 90002 | Java Serialization Object | 502 | A04:2021 | medium | Passive | Web/REST/SOAP |
| 90003 | Sub Resource Integrity Attribute Missing | 345 | A05:2021 | medium | Passive | Web/REST/SOAP |
| 90004 | Insufficient Site Isolation Against Spectre Vulnerability | 693 | A04:2021 | low | Passive | Web/REST/SOAP |
| 90005 | Fetch Metadata Request Headers | 352 | Unspecified | informational | Passive | Web/REST |
| 90011 | Charset Mismatch | 436 | Unspecified | informational | Passive | Web/REST/SOAP |
| 90017 | XSLT Injection | 91 | A03:2021 | medium | Active | Web/REST/SOAP |
| 90019 | Server Side Code Injection | 94 | A03:2021 | high | Active | Web/REST/SOAP |
| 90020 | Remote OS Command Injection | 78 | A03:2021 | high | Active | Web/REST/SOAP |
| 90021 | XPath Injection | 643 | A03:2021 | high | Active | Web/REST/SOAP |
| 90022 | Application Error Disclosure | 200 | A05:2021 | medium | Passive | Web/REST/SOAP |
| 90023 | XML External Entity Attack | 611 | A03:2021 | high | Active | Web/REST/SOAP |
| 90024 | Generic Padding Oracle | 209 | A02:2021 | high | Active | Web/REST/SOAP |
| 90025 | Expression Language Injection | 917 | A03:2021 | high | Active | Web |
| 90028 | Insecure HTTP Method | 200 | A05:2021 | medium | Active | Web/REST/SOAP |
| 90030 | WSDL File Detection | Unspecified | A05:2021 | informational | Passive | Web/REST/SOAP |
| 90033 | Loosely Scoped Cookie | 565 | A08:2021 | informational | Passive | Web/REST/SOAP |
| 90034 | Cloud Metadata Potentially Exposed | Unspecified | A05:2021 | high | Active | Web/REST/SOAP |
| 90035 | Server Side Template Injection | 94 | Unspecified | high | Active | Web/REST |
| 90036 | Server Side Template Injection (Blind) | 74 | Unspecified | high | Active | Web/REST |
| 110001 | Application Error Disclosure via WebSockets | 209 | Unspecified | medium | Passive | Web/REST/SOAP |
| 110002 | Base64 Disclosure in WebSocket message | Unspecified | Unspecified | informational | Passive | Web/REST/SOAP |
| 110003 | Information Disclosure - Debug Error Messages via WebSocket | 200 | Unspecified | low | Passive | Web/REST/SOAP |
| 110004 | Email address found in WebSocket message | 200 | Unspecified | informational | Passive | Web/REST/SOAP |
| 110005 | Personally Identifiable Information via WebSocket | 359 | Unspecified | high | Passive | Web/REST/SOAP |
| 110006 | Private IP Disclosure via WebSocket | Unspecified | Unspecified | low | Passive | Web/REST/SOAP |
| 110007 | Username Hash Found in WebSocket message | 284 | Unspecified | informational | Passive | Web/REST/SOAP |
| 110008 | Information Disclosure - Suspicious Comments in XML via WebSocket | 200 | Unspecified | informational | Passive | Web/REST/SOAP |
| 111001 | HTTP Verb Tampering (Parasoft proprietary rule) | 287 | A07:2021 | medium | Active | Web/REST |
...