
...

| ID | Rule | CWE ID | Risk | Type | Profile |
|---|---|---|---|---|---|
| 0 | Directory Browsing | 548 | medium | Active | REST/SOAP |
| 2 | Private IP Disclosure | 200 | low | Passive | REST/SOAP |
| 3 | Session ID in URL Rewrite | 200 | medium | Passive | REST/SOAP |
| 6 | Path Traversal | 22 | high | Active | REST/SOAP |
| 7 | Remote File Inclusion | 98 | high | Active | REST |
| 41 | Source Code Disclosure - Git | 541 | high | Active | REST/SOAP |
| 42 | Source Code Disclosure - SVN | 541 | medium | Active | REST/SOAP |
| 43 | Source Code Disclosure - File Inclusion | 541 | high | Active | REST/SOAP |
| 10003 | Vulnerable JS Library | 829 | medium | Passive | REST/SOAP |
| 10009 | In Page Banner Information Leak | 200 | low | Passive | REST/SOAP |
| 10010 | Cookie No HttpOnly Flag | 1004 | low | Passive | REST/SOAP |
| 10011 | Cookie Without Secure Flag | 614 | low | Passive | REST/SOAP |
| 10015 | Incomplete or No Cache-control Header Set | 525 | low | Passive | REST |
| 10017 | Cross-Domain JavaScript Source File Inclusion | 829 | low | Passive | REST/SOAP |
| 10019 | Content-Type Header Missing | 345 | informational | Passive | REST/SOAP |
| 10020 | X-Frame-Options Header | 1021 | medium | Passive | REST/SOAP |
| 10021 | X-Content-Type-Options Header Missing | 693 | low | Passive | REST |
| 10023 | Information Disclosure - Debug Error Messages | 200 | low | Passive | REST/SOAP |
| 10024 | Information Disclosure - Sensitive Information in URL | 200 | informational | Passive | REST/SOAP |
| 10025 | Information Disclosure - Sensitive Information in HTTP Referrer Header | 200 | informational | Passive | REST/SOAP |
| 10026 | HTTP Parameter Override | 20 | medium | Passive | REST/SOAP |
| 10027 | Information Disclosure - Suspicious Comments | 200 | informational | Passive | REST/SOAP |
| 10028 | Open Redirect | 601 | high | Passive | REST/SOAP |
| 10029 | Cookie Poisoning | 20 | informational | Passive | REST/SOAP |
| 10030 | User Controllable Charset | 20 | informational | Passive | REST/SOAP |
| 10031 | User Controllable HTML Element Attribute (Potential XSS) | 20 | informational | Passive | REST/SOAP |
| 10032 | Viewstate | 642 | high, medium, low, informational | Passive | REST/SOAP |
| 10033 | Directory Browsing | 548 | medium | Passive | REST/SOAP |
| 10034 | Heartbleed OpenSSL Vulnerability (Indicative) | 119 | high | Passive | REST/SOAP |
| 10035 | Strict-Transport-Security Header | 319 | low, informational | Passive | REST/SOAP |
| 10036 | HTTP Server Response Header | 200 | low, informational | Passive | REST/SOAP |
| 10037 | Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s) | 200 | low | Passive | REST/SOAP |
| 10038 | Content Security Policy (CSP) Header Not Set | 693 | medium, informational | Passive | REST/SOAP |
| 10039 | X-Backend-Server Header Information Leak | 200 | low | Passive | REST/SOAP |
| 10040 | Secure Pages Include Mixed Content | 311 | medium, low | Passive | REST/SOAP |
| 10041 | HTTP to HTTPS Insecure Transition in Form Post | 319 | medium | Passive | REST/SOAP |
| 10042 | HTTPS to HTTP Insecure Transition in Form Post | 319 | medium | Passive | REST/SOAP |
| 10043 | User Controllable JavaScript Event (XSS) | 20 | info | Passive | REST/SOAP |
| 10044 | Big Redirect Detected (Potential Sensitive Information Leak) | 201 | low | Passive | REST/SOAP |
| 10045 | Source Code Disclosure - /WEB-INF folder | 541 | high | Active | REST/SOAP |
| 10047 | HTTPS Content Available via HTTP | 311 | low | Active | REST/SOAP |
| 10048 | Remote Code Execution - Shell Shock | 78 | high | Active | REST/SOAP |
| 10049 | Content Cacheability | 524 | informational | Passive | REST |
| 10050 | Retrieved from Cache | Unspecified | informational | Passive | REST/SOAP |
| 10052 | X-ChromeLogger-Data (XCOLD) Header Information Leak | 200 | medium | Passive | REST/SOAP |
| 10054 | Cookie without SameSite Attribute | 1275 | low | Passive | REST/SOAP |
| 10055 | CSP | 693 | medium, low, informational | Passive | REST/SOAP |
| 10056 | X-Debug-Token Information Leak | 200 | low | Passive | REST/SOAP |
| 10057 | Username Hash Found | 284 | informational | Passive | REST/SOAP |
| 10061 | X-AspNet-Version Response Header | 933 | low | Passive | REST/SOAP |
| 10062 | PII Disclosure | 359 | high | Passive | REST/SOAP |
| 10063 | Permissions Policy Header Not Set | 16 | low | Passive | REST/SOAP |
| 10070 | Use of SAML | Unspecified | informational | Passive | REST/SOAP |
| 10094 | Base64 Disclosure | 200 | high, informational | Passive | REST/SOAP |
| 10095 | Backup File Disclosure | 530 | medium | Active | REST/SOAP |
| 10096 | Timestamp Disclosure | 200 | informational | Passive | REST/SOAP |
| 10097 | Hash Disclosure | 200 | high, low | Passive | REST/SOAP |
| 10098 | Cross-Domain Misconfiguration | 264 | medium | Passive | REST/SOAP |
| 10099 | Source Code Disclosure | 540 | medium | Passive | REST/SOAP |
| 10103 | Image Location and Privacy Scanner | 200 | informational | Passive | REST/SOAP |
| 10105 | Weak Authentication Method | 287 | high, medium | Passive | REST/SOAP |
| 10106 | HTTP Only Site | 311 | medium | Active | REST/SOAP |
| 10107 | Httpoxy - Proxy Header Misuse | 20 | high | Active | REST/SOAP |
| 10108 | Reverse Tabnabbing | Unspecified | medium | Passive | REST/SOAP |
| 10109 | Modern Web Application | Unspecified | informational | Passive | REST/SOAP |
| 10110 | Dangerous JS Functions | 749 | low | Passive | REST/SOAP |
| 10202 | Absence of Anti-CSRF Tokens | 352 | low, informational | Passive | REST/SOAP |
| 20015 | Heartbleed OpenSSL Vulnerability | 119 | high | Active | REST/SOAP |
| 20016 | Cross-Domain Misconfiguration | 264 | high | Active | REST/SOAP |
| 20017 | Source Code Disclosure - CVE-2012-1823 | 20 | high | Active | REST/SOAP |
| 20018 | Remote Code Execution - CVE-2012-1823 | 20 | high | Active | REST/SOAP |
| 20019 | External Redirect | 601 | high | Active | REST |
| 30001 | Buffer Overflow | 120 | medium | Active | REST/SOAP |
| 30002 | Format String Error | 134 | medium | Active | REST/SOAP |
| 30003 | Integer Overflow Error | 190 | medium | Active | REST |
| 40003 | CRLF Injection | 113 | medium | Active | REST |
| 40008 | Parameter Tampering | 472 | medium | Active | REST/SOAP |
| 40009 | Server Side Include | 97 | high | Active | REST |
| 40012 | Cross Site Scripting (Reflected) | 79 | high | Active | REST |
| 40013 | Session Fixation | 384 | high | Active | REST/SOAP |
| 40014 | Cross Site Scripting (Persistent) | 79 | high | Active | REST |
| 40015 | LDAP Injection | 90 | high | Active | REST/SOAP |
| 40016 | Cross Site Scripting (Persistent) - Prime | 79 | informational | Active | REST |
| 40017 | Cross Site Scripting (Persistent) - Spider | 79 | informational | Active | REST |
| 40018 | SQL Injection | 89 | high | Active | REST/SOAP |
| 40025 | Proxy Disclosure | 200 | medium | Active | REST/SOAP |
| 40028 | ELMAH Information Leak | 215 | medium | Active | REST/SOAP |
| 40029 | Trace.axd Information Leak | 215 | medium | Active | REST/SOAP |
| 40032 | .htaccess Information Leak | 215 | medium | Active | REST/SOAP |
| 40034 | .env Information Leak | 215 | medium | Active | REST/SOAP |
| 40035 | Hidden File Finder | 538 | medium | Active | REST/SOAP |
| 40038 | Bypassing 403 | Unspecified | medium | Active | REST/SOAP |
| 40039 | Web Cache Deception | Unspecified | medium | Active | REST/SOAP |
| 40040 | CORS Header | 942 | high, medium, informational | Active | REST |
| 90001 | Insecure JSF ViewState | 642 | medium | Passive | REST/SOAP |
| 90002 | Java Serialization Object | 502 | medium | Passive | REST/SOAP |
| 90003 | Sub Resource Integrity Attribute Missing | 345 | medium | Passive | REST/SOAP |
| 90004 | Insufficient Site Isolation Against Spectre Vulnerability | 693 | low | Passive | REST/SOAP |
| 90011 | Charset Mismatch | 436 | informational | Passive | REST/SOAP |
| 90017 | XSLT Injection | 91 | medium | Active | REST/SOAP |
| 90019 | Server Side Code Injection | 94 | high | Active | REST/SOAP |
| 90020 | Remote OS Command Injection | 78 | high | Active | REST/SOAP |
| 90021 | XPath Injection | 643 | high | Active | REST/SOAP |
| 90022 | Application Error Disclosure | 200 | medium | Passive | REST/SOAP |
| 90023 | XML External Entity Attack | 611 | high | Active | REST/SOAP |
| 90024 | Generic Padding Oracle | 209 | high | Active | REST/SOAP |
| 90028 | Insecure HTTP Method | 200 | medium | Active | REST/SOAP |
| 90030 | WSDL File Detection | Unspecified | informational | Passive | REST/SOAP |
| 90033 | Loosely Scoped Cookie | 565 | informational | Passive | REST/SOAP |
| 90034 | Cloud Metadata Potentially Exposed | Unspecified | high | Active | REST/SOAP |
| 110001 | Application Error Disclosure via WebSockets | 209 | medium | Passive | REST/SOAP |
| 110002 | Base64 Disclosure in WebSocket message | Unspecified | informational | Passive | REST/SOAP |
| 110003 | Information Disclosure - Debug Error Messages via WebSocket | 200 | low | Passive | REST/SOAP |
| 110004 | Email address found in WebSocket message | 200 | informational | Passive | REST/SOAP |
| 110005 | Personally Identifiable Information via WebSocket | 359 | high | Passive | REST/SOAP |
| 110006 | Private IP Disclosure via WebSocket | Unspecified | low | Passive | REST/SOAP |
| 110007 | Username Hash Found in WebSocket message | 284 | informational | Passive | REST/SOAP |
| 110008 | Information Disclosure - Suspicious Comments in XML via WebSocket | 200 | informational | Passive | REST/SOAP |
| 111001 | HTTP Verb Tampering (Parasoft proprietary rule) | 287 | medium | Active | REST |

Integration with Burp Suite

...