@zerothreatai/vulnerability-registry 3.0.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/categories/authentication.js +17 -0
- package/dist/categories/configuration.js +501 -0
- package/dist/categories/injection.js +34 -0
- package/dist/categories/sensitive-paths.js +84 -0
- package/dist/categories/ssrf.js +11 -0
- package/dist/categories/xss.js +15 -0
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +17 -0
- package/dist-cjs/categories/configuration.js +501 -0
- package/dist-cjs/categories/injection.js +34 -0
- package/dist-cjs/categories/sensitive-paths.js +84 -0
- package/dist-cjs/categories/ssrf.js +11 -0
- package/dist-cjs/categories/xss.js +15 -0
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +1 -1
- package/src/categories/authentication.js +54 -40
- package/src/categories/authentication.ts +134 -117
- package/src/categories/configuration.js +990 -114
- package/src/categories/configuration.ts +1625 -1104
- package/src/categories/injection.js +105 -74
- package/src/categories/injection.ts +129 -95
- package/src/categories/sensitive-paths.js +255 -174
- package/src/categories/sensitive-paths.ts +84 -0
- package/src/categories/ssrf.js +36 -28
- package/src/categories/ssrf.ts +11 -0
- package/src/categories/xss.js +47 -35
- package/src/categories/xss.ts +15 -0
- package/src/category.ts +16 -0
- package/src/error-codes.d.ts +38 -0
- package/src/error-codes.js +41 -6
- package/src/error-codes.ts +25 -5
- package/src/index.js +33 -48
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.d.ts +2 -0
- package/src/types.js +1 -2
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
|
@@ -1,22 +1,20 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Vulnerability Registry - Configuration & Headers
|
|
4
3
|
*
|
|
5
4
|
* Definitions for Security Headers, Directory Browsing, and related issues
|
|
6
5
|
*/
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
const error_codes_js_1 = require("../error-codes.js");
|
|
10
|
-
exports.CONFIG_VULNERABILITIES = {
|
|
6
|
+
import { VulnerabilityCode } from '../error-codes.js';
|
|
7
|
+
export const CONFIG_VULNERABILITIES = {
|
|
11
8
|
// ========================================
|
|
12
9
|
// SECURITY HEADERS
|
|
13
10
|
// ========================================
|
|
14
|
-
[
|
|
11
|
+
[VulnerabilityCode.HEADER_MISSING_CSP]: {
|
|
15
12
|
id: 69,
|
|
16
|
-
code:
|
|
13
|
+
code: VulnerabilityCode.HEADER_MISSING_CSP,
|
|
17
14
|
title: 'Missing Security Header - Content-Security-Policy',
|
|
18
15
|
description: 'The application does not implement Content-Security-Policy header, leaving it vulnerable to cross-site scripting attacks that could be mitigated by restricting the sources from which scripts, styles, and other resources can be loaded into the page.',
|
|
19
16
|
severity: 'medium',
|
|
17
|
+
levelId: 3,
|
|
20
18
|
category: 'configuration',
|
|
21
19
|
scanner: 'security-headers',
|
|
22
20
|
cvss: {
|
|
@@ -32,12 +30,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
32
30
|
],
|
|
33
31
|
remediation: 'Implement Content-Security-Policy header with strict directives. Start with default-src self and progressively add required sources. Use nonce-based CSP for inline scripts.',
|
|
34
32
|
},
|
|
35
|
-
[
|
|
33
|
+
[VulnerabilityCode.HEADER_MISSING_HSTS]: {
|
|
36
34
|
id: 70,
|
|
37
|
-
code:
|
|
35
|
+
code: VulnerabilityCode.HEADER_MISSING_HSTS,
|
|
38
36
|
title: 'Missing Security Header - Strict-Transport-Security',
|
|
39
37
|
description: 'The application does not implement HSTS (HTTP Strict Transport Security) header, leaving users vulnerable to SSL stripping attacks and man-in-the-middle downgrades from HTTPS to HTTP connections on initial visits or after cookie expiration.',
|
|
40
38
|
severity: 'medium',
|
|
39
|
+
levelId: 3,
|
|
41
40
|
category: 'configuration',
|
|
42
41
|
scanner: 'security-headers',
|
|
43
42
|
cvss: {
|
|
@@ -53,78 +52,875 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
53
52
|
],
|
|
54
53
|
remediation: 'Add Strict-Transport-Security header with max-age of at least 31536000 (1 year). Include includeSubDomains directive. Consider HSTS preloading for maximum protection.',
|
|
55
54
|
},
|
|
56
|
-
[
|
|
55
|
+
[VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE]: {
|
|
56
|
+
id: 1011,
|
|
57
|
+
code: VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE,
|
|
58
|
+
title: 'HSTS Misconfiguration - Invalid Max-Age',
|
|
59
|
+
description: 'The Strict-Transport-Security header uses an invalid or malformed max-age value, preventing reliable HTTPS enforcement.',
|
|
60
|
+
severity: 'medium',
|
|
61
|
+
levelId: 3,
|
|
62
|
+
category: 'configuration',
|
|
63
|
+
scanner: 'security-headers',
|
|
64
|
+
cvss: {
|
|
65
|
+
score: 5.3,
|
|
66
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
67
|
+
severity: 'MEDIUM',
|
|
68
|
+
},
|
|
69
|
+
cwe: [
|
|
70
|
+
{ id: 'CWE-319', name: 'Cleartext Transmission', url: 'https://cwe.mitre.org/data/definitions/319.html' },
|
|
71
|
+
],
|
|
72
|
+
owasp: [
|
|
73
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
74
|
+
],
|
|
75
|
+
remediation: 'Set a valid numeric max-age on Strict-Transport-Security (at least 31536000).',
|
|
76
|
+
},
|
|
77
|
+
[VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE]: {
|
|
78
|
+
id: 1012,
|
|
79
|
+
code: VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE,
|
|
80
|
+
title: 'HSTS Misconfiguration - Max-Age Too Short',
|
|
81
|
+
description: 'The Strict-Transport-Security header uses a short max-age value that weakens HTTPS enforcement and allows downgrade risk to return quickly.',
|
|
82
|
+
severity: 'medium',
|
|
83
|
+
levelId: 3,
|
|
84
|
+
category: 'configuration',
|
|
85
|
+
scanner: 'security-headers',
|
|
86
|
+
cvss: {
|
|
87
|
+
score: 5.3,
|
|
88
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
89
|
+
severity: 'MEDIUM',
|
|
90
|
+
},
|
|
91
|
+
cwe: [
|
|
92
|
+
{ id: 'CWE-319', name: 'Cleartext Transmission', url: 'https://cwe.mitre.org/data/definitions/319.html' },
|
|
93
|
+
],
|
|
94
|
+
owasp: [
|
|
95
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
96
|
+
],
|
|
97
|
+
remediation: 'Increase max-age to at least 31536000 (1 year) to provide durable HTTPS enforcement.',
|
|
98
|
+
},
|
|
99
|
+
[VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS]: {
|
|
100
|
+
id: 1013,
|
|
101
|
+
code: VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS,
|
|
102
|
+
title: 'HSTS Misconfiguration - Missing includeSubDomains',
|
|
103
|
+
description: 'The Strict-Transport-Security header is missing includeSubDomains, leaving subdomains unprotected from downgrade and stripping attacks.',
|
|
104
|
+
severity: 'medium',
|
|
105
|
+
levelId: 3,
|
|
106
|
+
category: 'configuration',
|
|
107
|
+
scanner: 'security-headers',
|
|
108
|
+
cvss: {
|
|
109
|
+
score: 5.3,
|
|
110
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
111
|
+
severity: 'MEDIUM',
|
|
112
|
+
},
|
|
113
|
+
cwe: [
|
|
114
|
+
{ id: 'CWE-319', name: 'Cleartext Transmission', url: 'https://cwe.mitre.org/data/definitions/319.html' },
|
|
115
|
+
],
|
|
116
|
+
owasp: [
|
|
117
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
118
|
+
],
|
|
119
|
+
remediation: 'Add includeSubDomains to the HSTS header to protect all subdomains.',
|
|
120
|
+
},
|
|
121
|
+
[VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE]: {
|
|
122
|
+
id: 1018,
|
|
123
|
+
code: VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE,
|
|
124
|
+
title: 'HSTS Preload Requirements Not Met',
|
|
125
|
+
description: 'The HSTS header indicates preload intent but does not meet preload requirements, such as a sufficiently long max-age or includeSubDomains, reducing preload effectiveness.',
|
|
126
|
+
severity: 'medium',
|
|
127
|
+
levelId: 3,
|
|
128
|
+
category: 'configuration',
|
|
129
|
+
scanner: 'security-headers',
|
|
130
|
+
cvss: {
|
|
131
|
+
score: 5.3,
|
|
132
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
133
|
+
severity: 'MEDIUM',
|
|
134
|
+
},
|
|
135
|
+
cwe: [
|
|
136
|
+
{ id: 'CWE-319', name: 'Cleartext Transmission', url: 'https://cwe.mitre.org/data/definitions/319.html' },
|
|
137
|
+
],
|
|
138
|
+
owasp: [
|
|
139
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
140
|
+
],
|
|
141
|
+
remediation: 'Ensure HSTS max-age is at least 31536000, include includeSubDomains, and add preload before submitting to the preload list.',
|
|
142
|
+
},
|
|
143
|
+
[VulnerabilityCode.HEADER_MISSING_XFRAME]: {
|
|
57
144
|
id: 71,
|
|
58
|
-
code:
|
|
145
|
+
code: VulnerabilityCode.HEADER_MISSING_XFRAME,
|
|
59
146
|
title: 'Missing Security Header - X-Frame-Options',
|
|
60
147
|
description: 'The application does not set X-Frame-Options header, making it vulnerable to clickjacking attacks where malicious websites can embed the application in invisible iframes and trick users into performing unintended actions through deceptive UI overlays.',
|
|
61
148
|
severity: 'medium',
|
|
149
|
+
levelId: 3,
|
|
150
|
+
category: 'configuration',
|
|
151
|
+
scanner: 'security-headers',
|
|
152
|
+
cvss: {
|
|
153
|
+
score: 4.7,
|
|
154
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N',
|
|
155
|
+
severity: 'MEDIUM',
|
|
156
|
+
},
|
|
157
|
+
cwe: [
|
|
158
|
+
{ id: 'CWE-1021', name: 'Improper Restriction of Rendered UI Layers', url: 'https://cwe.mitre.org/data/definitions/1021.html' },
|
|
159
|
+
],
|
|
160
|
+
owasp: [
|
|
161
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
162
|
+
],
|
|
163
|
+
remediation: 'Set X-Frame-Options header to DENY or SAMEORIGIN. Use Content-Security-Policy frame-ancestors directive for more granular control. Both headers can be used together for compatibility.',
|
|
164
|
+
},
|
|
165
|
+
[VulnerabilityCode.HEADER_WEAK_CSP]: {
|
|
166
|
+
id: 72,
|
|
167
|
+
code: VulnerabilityCode.HEADER_WEAK_CSP,
|
|
168
|
+
title: 'Weak Content-Security-Policy Configuration',
|
|
169
|
+
description: 'The Content-Security-Policy header contains unsafe directives like unsafe-inline, unsafe-eval, or overly permissive source allowlists that significantly reduce its effectiveness as an XSS mitigation and may create false sense of security.',
|
|
170
|
+
severity: 'medium',
|
|
171
|
+
levelId: 3,
|
|
172
|
+
category: 'configuration',
|
|
173
|
+
scanner: 'security-headers',
|
|
174
|
+
cvss: {
|
|
175
|
+
score: 5.3,
|
|
176
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
177
|
+
severity: 'MEDIUM',
|
|
178
|
+
},
|
|
179
|
+
cwe: [
|
|
180
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
181
|
+
],
|
|
182
|
+
owasp: [
|
|
183
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
184
|
+
],
|
|
185
|
+
remediation: 'Remove unsafe-inline and unsafe-eval directives. Use nonce-based or hash-based CSP for inline scripts. Restrict source allowlists to specific trusted domains rather than wildcards.',
|
|
186
|
+
},
|
|
187
|
+
[VulnerabilityCode.HEADER_CSP_REPORT_ONLY]: {
|
|
188
|
+
id: 1001,
|
|
189
|
+
code: VulnerabilityCode.HEADER_CSP_REPORT_ONLY,
|
|
190
|
+
title: 'Content-Security-Policy Report-Only Enabled',
|
|
191
|
+
description: 'The Content-Security-Policy header is deployed in report-only mode, which does not enforce protections and allows unsafe content to execute while only logging violations.',
|
|
192
|
+
severity: 'medium',
|
|
193
|
+
levelId: 3,
|
|
194
|
+
category: 'configuration',
|
|
195
|
+
scanner: 'security-headers',
|
|
196
|
+
cvss: {
|
|
197
|
+
score: 5.3,
|
|
198
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
199
|
+
severity: 'MEDIUM',
|
|
200
|
+
},
|
|
201
|
+
cwe: [
|
|
202
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
203
|
+
],
|
|
204
|
+
owasp: [
|
|
205
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
206
|
+
],
|
|
207
|
+
remediation: 'Switch to enforcing Content-Security-Policy once violations are reviewed. Use report-only during rollout, then enforce with strict directives.',
|
|
208
|
+
},
|
|
209
|
+
[VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES]: {
|
|
210
|
+
id: 1002,
|
|
211
|
+
code: VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES,
|
|
212
|
+
title: 'Content-Security-Policy Contains Unsafe Directives',
|
|
213
|
+
description: 'The Content-Security-Policy header includes unsafe directives such as unsafe-inline or unsafe-eval that reduce XSS protection and allow risky script execution paths.',
|
|
214
|
+
severity: 'medium',
|
|
215
|
+
levelId: 3,
|
|
216
|
+
category: 'configuration',
|
|
217
|
+
scanner: 'security-headers',
|
|
218
|
+
cvss: {
|
|
219
|
+
score: 5.3,
|
|
220
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
221
|
+
severity: 'MEDIUM',
|
|
222
|
+
},
|
|
223
|
+
cwe: [
|
|
224
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
225
|
+
],
|
|
226
|
+
owasp: [
|
|
227
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
228
|
+
],
|
|
229
|
+
remediation: 'Remove unsafe-inline and unsafe-eval directives. Replace inline scripts with nonces or hashes and restrict sources to trusted domains.',
|
|
230
|
+
},
|
|
231
|
+
[VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT]: {
|
|
232
|
+
id: 1003,
|
|
233
|
+
code: VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT,
|
|
234
|
+
title: 'Content-Security-Policy Allows data: in script-src',
|
|
235
|
+
description: 'The CSP allows data: URIs for script execution, which can enable script injection through crafted data URLs and weaken XSS protections.',
|
|
236
|
+
severity: 'medium',
|
|
237
|
+
levelId: 3,
|
|
238
|
+
category: 'configuration',
|
|
239
|
+
scanner: 'security-headers',
|
|
240
|
+
cvss: {
|
|
241
|
+
score: 5.3,
|
|
242
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
243
|
+
severity: 'MEDIUM',
|
|
244
|
+
},
|
|
245
|
+
cwe: [
|
|
246
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
247
|
+
],
|
|
248
|
+
owasp: [
|
|
249
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
250
|
+
],
|
|
251
|
+
remediation: 'Remove data: from script-src. Use nonce or hash-based CSP for any required inline scripts.',
|
|
252
|
+
},
|
|
253
|
+
[VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT]: {
|
|
254
|
+
id: 1004,
|
|
255
|
+
code: VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT,
|
|
256
|
+
title: 'Content-Security-Policy Allows blob: in script-src',
|
|
257
|
+
description: 'The CSP allows blob: URIs for script execution, which can be abused to load attacker-controlled scripts in some contexts and weaken XSS mitigations.',
|
|
258
|
+
severity: 'medium',
|
|
259
|
+
levelId: 3,
|
|
260
|
+
category: 'configuration',
|
|
261
|
+
scanner: 'security-headers',
|
|
262
|
+
cvss: {
|
|
263
|
+
score: 5.3,
|
|
264
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
265
|
+
severity: 'MEDIUM',
|
|
266
|
+
},
|
|
267
|
+
cwe: [
|
|
268
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
269
|
+
],
|
|
270
|
+
owasp: [
|
|
271
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
272
|
+
],
|
|
273
|
+
remediation: 'Remove blob: from script-src unless strictly required. Use a narrower allowlist or nonces for trusted scripts.',
|
|
274
|
+
},
|
|
275
|
+
[VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT]: {
|
|
276
|
+
id: 1005,
|
|
277
|
+
code: VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT,
|
|
278
|
+
title: 'Content-Security-Policy default-src Uses Wildcard',
|
|
279
|
+
description: 'The CSP default-src directive allows all origins, which effectively disables the protection and allows untrusted content to load.',
|
|
280
|
+
severity: 'medium',
|
|
281
|
+
levelId: 3,
|
|
282
|
+
category: 'configuration',
|
|
283
|
+
scanner: 'security-headers',
|
|
284
|
+
cvss: {
|
|
285
|
+
score: 5.3,
|
|
286
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
287
|
+
severity: 'MEDIUM',
|
|
288
|
+
},
|
|
289
|
+
cwe: [
|
|
290
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
291
|
+
],
|
|
292
|
+
owasp: [
|
|
293
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
294
|
+
],
|
|
295
|
+
remediation: 'Replace wildcard default-src with explicit trusted origins and tighten resource-specific directives.',
|
|
296
|
+
},
|
|
297
|
+
[VulnerabilityCode.HEADER_CSP_NO_BASE_URI]: {
|
|
298
|
+
id: 1006,
|
|
299
|
+
code: VulnerabilityCode.HEADER_CSP_NO_BASE_URI,
|
|
300
|
+
title: 'Content-Security-Policy Missing base-uri Directive',
|
|
301
|
+
description: 'The CSP does not include a base-uri directive, allowing the base URL to be set by injected markup and enabling abuse of relative URL resolution.',
|
|
302
|
+
severity: 'medium',
|
|
303
|
+
levelId: 3,
|
|
304
|
+
category: 'configuration',
|
|
305
|
+
scanner: 'security-headers',
|
|
306
|
+
cvss: {
|
|
307
|
+
score: 5.3,
|
|
308
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
309
|
+
severity: 'MEDIUM',
|
|
310
|
+
},
|
|
311
|
+
cwe: [
|
|
312
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
313
|
+
],
|
|
314
|
+
owasp: [
|
|
315
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
316
|
+
],
|
|
317
|
+
remediation: 'Add base-uri \'self\' (or a strict allowlist) to CSP to prevent base tag abuse.',
|
|
318
|
+
},
|
|
319
|
+
[VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC]: {
|
|
320
|
+
id: 1007,
|
|
321
|
+
code: VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC,
|
|
322
|
+
title: 'Content-Security-Policy Missing object-src Directive',
|
|
323
|
+
description: 'The CSP does not include an object-src directive, allowing embedded objects to load from arbitrary origins and weakening defense-in-depth against plugin-based risks.',
|
|
324
|
+
severity: 'medium',
|
|
325
|
+
levelId: 3,
|
|
326
|
+
category: 'configuration',
|
|
327
|
+
scanner: 'security-headers',
|
|
328
|
+
cvss: {
|
|
329
|
+
score: 5.3,
|
|
330
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
331
|
+
severity: 'MEDIUM',
|
|
332
|
+
},
|
|
333
|
+
cwe: [
|
|
334
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
335
|
+
],
|
|
336
|
+
owasp: [
|
|
337
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
338
|
+
],
|
|
339
|
+
remediation: 'Add object-src \'none\' (or a strict allowlist) to CSP to prevent plugin content loading.',
|
|
340
|
+
},
|
|
341
|
+
[VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS]: {
|
|
342
|
+
id: 1008,
|
|
343
|
+
code: VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS,
|
|
344
|
+
title: 'Content-Security-Policy Missing frame-ancestors Directive',
|
|
345
|
+
description: 'The CSP does not include a frame-ancestors directive, leaving pages potentially frameable and vulnerable to clickjacking attacks.',
|
|
346
|
+
severity: 'medium',
|
|
347
|
+
levelId: 3,
|
|
348
|
+
category: 'configuration',
|
|
349
|
+
scanner: 'security-headers',
|
|
350
|
+
cvss: {
|
|
351
|
+
score: 4.7,
|
|
352
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N',
|
|
353
|
+
severity: 'MEDIUM',
|
|
354
|
+
},
|
|
355
|
+
cwe: [
|
|
356
|
+
{ id: 'CWE-1021', name: 'Improper Restriction of Rendered UI Layers', url: 'https://cwe.mitre.org/data/definitions/1021.html' },
|
|
357
|
+
],
|
|
358
|
+
owasp: [
|
|
359
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
360
|
+
],
|
|
361
|
+
remediation: 'Add frame-ancestors \'none\' or a strict allowlist to CSP to prevent clickjacking.',
|
|
362
|
+
},
|
|
363
|
+
[VulnerabilityCode.HEADER_CORS_MISCONFIGURED]: {
|
|
364
|
+
id: 73,
|
|
365
|
+
code: VulnerabilityCode.HEADER_CORS_MISCONFIGURED,
|
|
366
|
+
title: 'CORS Misconfiguration',
|
|
367
|
+
description: 'Cross-Origin Resource Sharing is misconfigured with overly permissive Access-Control-Allow-Origin headers including wildcard (*) with credentials, or dynamic reflection of Origin header without proper validation, enabling cross-origin data theft.',
|
|
368
|
+
severity: 'high',
|
|
369
|
+
levelId: 2,
|
|
370
|
+
category: 'configuration',
|
|
371
|
+
scanner: 'security-headers',
|
|
372
|
+
cvss: {
|
|
373
|
+
score: 7.5,
|
|
374
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
375
|
+
severity: 'HIGH',
|
|
376
|
+
},
|
|
377
|
+
cwe: [
|
|
378
|
+
{ id: 'CWE-942', name: 'Permissive CORS Policy', url: 'https://cwe.mitre.org/data/definitions/942.html' },
|
|
379
|
+
],
|
|
380
|
+
owasp: [
|
|
381
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
382
|
+
],
|
|
383
|
+
remediation: 'Implement strict Origin validation with allowlist of trusted domains. Never reflect Origin header without validation. Do not use wildcard with Access-Control-Allow-Credentials.',
|
|
384
|
+
},
|
|
385
|
+
[VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS]: {
|
|
386
|
+
id: 1014,
|
|
387
|
+
code: VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS,
|
|
388
|
+
title: 'CORS Wildcard With Credentials',
|
|
389
|
+
description: 'Access-Control-Allow-Origin is set to * while Access-Control-Allow-Credentials is enabled, which browsers block but signals a dangerous CORS policy that can be misapplied in some environments.',
|
|
390
|
+
severity: 'high',
|
|
391
|
+
levelId: 2,
|
|
392
|
+
category: 'configuration',
|
|
393
|
+
scanner: 'security-headers',
|
|
394
|
+
cvss: {
|
|
395
|
+
score: 7.5,
|
|
396
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
397
|
+
severity: 'HIGH',
|
|
398
|
+
},
|
|
399
|
+
cwe: [
|
|
400
|
+
{ id: 'CWE-942', name: 'Permissive CORS Policy', url: 'https://cwe.mitre.org/data/definitions/942.html' },
|
|
401
|
+
],
|
|
402
|
+
owasp: [
|
|
403
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
404
|
+
],
|
|
405
|
+
remediation: 'Never use wildcard origins with credentials. Replace * with an explicit allowlist and set Vary: Origin.',
|
|
406
|
+
},
|
|
407
|
+
[VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY]: {
|
|
408
|
+
id: 1015,
|
|
409
|
+
code: VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY,
|
|
410
|
+
title: 'CORS Origin Reflection Without Vary',
|
|
411
|
+
description: 'The Origin header is reflected in Access-Control-Allow-Origin without Vary: Origin, which can lead to cache poisoning and unintended cross-origin access.',
|
|
412
|
+
severity: 'high',
|
|
413
|
+
levelId: 2,
|
|
414
|
+
category: 'configuration',
|
|
415
|
+
scanner: 'security-headers',
|
|
416
|
+
cvss: {
|
|
417
|
+
score: 7.5,
|
|
418
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
419
|
+
severity: 'HIGH',
|
|
420
|
+
},
|
|
421
|
+
cwe: [
|
|
422
|
+
{ id: 'CWE-942', name: 'Permissive CORS Policy', url: 'https://cwe.mitre.org/data/definitions/942.html' },
|
|
423
|
+
],
|
|
424
|
+
owasp: [
|
|
425
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
426
|
+
],
|
|
427
|
+
remediation: 'Validate origins against an allowlist and always include Vary: Origin when dynamically setting Access-Control-Allow-Origin.',
|
|
428
|
+
},
|
|
429
|
+
[VulnerabilityCode.HEADER_CORS_NULL_ORIGIN]: {
|
|
430
|
+
id: 1016,
|
|
431
|
+
code: VulnerabilityCode.HEADER_CORS_NULL_ORIGIN,
|
|
432
|
+
title: 'CORS Allows Null Origin',
|
|
433
|
+
description: 'Access-Control-Allow-Origin allows the null origin, enabling requests from opaque origins such as sandboxed iframes and file URLs that can be abused to access sensitive data.',
|
|
434
|
+
severity: 'high',
|
|
435
|
+
levelId: 2,
|
|
436
|
+
category: 'configuration',
|
|
437
|
+
scanner: 'security-headers',
|
|
438
|
+
cvss: {
|
|
439
|
+
score: 7.5,
|
|
440
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
441
|
+
severity: 'HIGH',
|
|
442
|
+
},
|
|
443
|
+
cwe: [
|
|
444
|
+
{ id: 'CWE-942', name: 'Permissive CORS Policy', url: 'https://cwe.mitre.org/data/definitions/942.html' },
|
|
445
|
+
],
|
|
446
|
+
owasp: [
|
|
447
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
448
|
+
],
|
|
449
|
+
remediation: 'Remove null from allowed origins. Restrict CORS to explicit trusted domains only.',
|
|
450
|
+
},
|
|
451
|
+
[VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN]: {
|
|
452
|
+
id: 1017,
|
|
453
|
+
code: VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN,
|
|
454
|
+
title: 'CORS Allows Wildcard Subdomains',
|
|
455
|
+
description: 'CORS policies allow wildcard subdomains that can be abused if any subdomain is compromised or can be controlled by untrusted parties.',
|
|
456
|
+
severity: 'high',
|
|
457
|
+
levelId: 2,
|
|
458
|
+
category: 'configuration',
|
|
459
|
+
scanner: 'security-headers',
|
|
460
|
+
cvss: {
|
|
461
|
+
score: 7.5,
|
|
462
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N',
|
|
463
|
+
severity: 'HIGH',
|
|
464
|
+
},
|
|
465
|
+
cwe: [
|
|
466
|
+
{ id: 'CWE-942', name: 'Permissive CORS Policy', url: 'https://cwe.mitre.org/data/definitions/942.html' },
|
|
467
|
+
],
|
|
468
|
+
owasp: [
|
|
469
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
470
|
+
],
|
|
471
|
+
remediation: 'Replace wildcard subdomains with a strict allowlist of trusted origins.',
|
|
472
|
+
},
|
|
473
|
+
// ========================================
|
|
474
|
+
// DIRECTORY BROWSING
|
|
475
|
+
// ========================================
|
|
476
|
+
[VulnerabilityCode.DIRBROWSE_GENERIC]: {
|
|
477
|
+
id: 2000,
|
|
478
|
+
code: VulnerabilityCode.DIRBROWSE_GENERIC,
|
|
479
|
+
title: 'Directory Listing Enabled (Generic)',
|
|
480
|
+
description: 'Directory listing is enabled and exposes directory contents to unauthenticated visitors, revealing application structure and file names.',
|
|
481
|
+
severity: 'low',
|
|
482
|
+
levelId: 4,
|
|
483
|
+
category: 'configuration',
|
|
484
|
+
scanner: 'directory-browsing',
|
|
485
|
+
cvss: {
|
|
486
|
+
score: 3.7,
|
|
487
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
488
|
+
severity: 'LOW',
|
|
489
|
+
},
|
|
490
|
+
cwe: [
|
|
491
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
492
|
+
],
|
|
493
|
+
owasp: [
|
|
494
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
495
|
+
],
|
|
496
|
+
remediation: 'Disable directory listing in the web server configuration and ensure directories have index files.',
|
|
497
|
+
},
|
|
498
|
+
[VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE]: {
|
|
499
|
+
id: 2001,
|
|
500
|
+
code: VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE,
|
|
501
|
+
title: 'Directory Listing Exposing Sensitive Content (Generic)',
|
|
502
|
+
description: 'Directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
503
|
+
severity: 'medium',
|
|
504
|
+
levelId: 3,
|
|
505
|
+
category: 'configuration',
|
|
506
|
+
scanner: 'directory-browsing',
|
|
507
|
+
cvss: {
|
|
508
|
+
score: 5.3,
|
|
509
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
510
|
+
severity: 'MEDIUM',
|
|
511
|
+
},
|
|
512
|
+
cwe: [
|
|
513
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
514
|
+
],
|
|
515
|
+
owasp: [
|
|
516
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
517
|
+
],
|
|
518
|
+
remediation: 'Disable directory listing and remove sensitive files from web-accessible directories.',
|
|
519
|
+
},
|
|
520
|
+
[VulnerabilityCode.DIRBROWSE_APACHE]: {
|
|
521
|
+
id: 2002,
|
|
522
|
+
code: VulnerabilityCode.DIRBROWSE_APACHE,
|
|
523
|
+
title: 'Apache Autoindex Enabled',
|
|
524
|
+
description: 'Apache autoindex is enabled, exposing directory contents to unauthenticated visitors.',
|
|
525
|
+
severity: 'low',
|
|
526
|
+
levelId: 4,
|
|
527
|
+
category: 'configuration',
|
|
528
|
+
scanner: 'directory-browsing',
|
|
529
|
+
cvss: {
|
|
530
|
+
score: 3.7,
|
|
531
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
532
|
+
severity: 'LOW',
|
|
533
|
+
},
|
|
534
|
+
cwe: [
|
|
535
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
536
|
+
],
|
|
537
|
+
owasp: [
|
|
538
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
539
|
+
],
|
|
540
|
+
remediation: 'Disable autoindex in Apache (Options -Indexes) and add index files.',
|
|
541
|
+
},
|
|
542
|
+
[VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE]: {
|
|
543
|
+
id: 2003,
|
|
544
|
+
code: VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE,
|
|
545
|
+
title: 'Apache Autoindex Exposing Sensitive Content',
|
|
546
|
+
description: 'Apache autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
547
|
+
severity: 'medium',
|
|
548
|
+
levelId: 3,
|
|
549
|
+
category: 'configuration',
|
|
550
|
+
scanner: 'directory-browsing',
|
|
551
|
+
cvss: {
|
|
552
|
+
score: 5.3,
|
|
553
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
554
|
+
severity: 'MEDIUM',
|
|
555
|
+
},
|
|
556
|
+
cwe: [
|
|
557
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
558
|
+
],
|
|
559
|
+
owasp: [
|
|
560
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
561
|
+
],
|
|
562
|
+
remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
|
|
563
|
+
},
|
|
564
|
+
[VulnerabilityCode.DIRBROWSE_NGINX]: {
|
|
565
|
+
id: 2004,
|
|
566
|
+
code: VulnerabilityCode.DIRBROWSE_NGINX,
|
|
567
|
+
title: 'Nginx Autoindex Enabled',
|
|
568
|
+
description: 'Nginx autoindex is enabled, exposing directory contents to unauthenticated visitors.',
|
|
569
|
+
severity: 'low',
|
|
570
|
+
levelId: 4,
|
|
571
|
+
category: 'configuration',
|
|
572
|
+
scanner: 'directory-browsing',
|
|
573
|
+
cvss: {
|
|
574
|
+
score: 3.7,
|
|
575
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
576
|
+
severity: 'LOW',
|
|
577
|
+
},
|
|
578
|
+
cwe: [
|
|
579
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
580
|
+
],
|
|
581
|
+
owasp: [
|
|
582
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
583
|
+
],
|
|
584
|
+
remediation: 'Disable autoindex in nginx (autoindex off) and add index files.',
|
|
585
|
+
},
|
|
586
|
+
[VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE]: {
|
|
587
|
+
id: 2005,
|
|
588
|
+
code: VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE,
|
|
589
|
+
title: 'Nginx Autoindex Exposing Sensitive Content',
|
|
590
|
+
description: 'Nginx autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
591
|
+
severity: 'medium',
|
|
592
|
+
levelId: 3,
|
|
62
593
|
category: 'configuration',
|
|
63
|
-
scanner: '
|
|
594
|
+
scanner: 'directory-browsing',
|
|
64
595
|
cvss: {
|
|
65
|
-
score:
|
|
66
|
-
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:
|
|
596
|
+
score: 5.3,
|
|
597
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
67
598
|
severity: 'MEDIUM',
|
|
68
599
|
},
|
|
69
600
|
cwe: [
|
|
70
|
-
{ id: 'CWE-
|
|
601
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
71
602
|
],
|
|
72
603
|
owasp: [
|
|
73
604
|
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
74
605
|
],
|
|
75
|
-
remediation: '
|
|
606
|
+
remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
|
|
76
607
|
},
|
|
77
|
-
[
|
|
78
|
-
id:
|
|
79
|
-
code:
|
|
80
|
-
title: '
|
|
81
|
-
description: '
|
|
608
|
+
[VulnerabilityCode.DIRBROWSE_IIS]: {
|
|
609
|
+
id: 2006,
|
|
610
|
+
code: VulnerabilityCode.DIRBROWSE_IIS,
|
|
611
|
+
title: 'IIS Directory Browsing Enabled',
|
|
612
|
+
description: 'IIS directory browsing is enabled, exposing directory contents to unauthenticated visitors.',
|
|
613
|
+
severity: 'low',
|
|
614
|
+
levelId: 4,
|
|
615
|
+
category: 'configuration',
|
|
616
|
+
scanner: 'directory-browsing',
|
|
617
|
+
cvss: {
|
|
618
|
+
score: 3.7,
|
|
619
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
620
|
+
severity: 'LOW',
|
|
621
|
+
},
|
|
622
|
+
cwe: [
|
|
623
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
624
|
+
],
|
|
625
|
+
owasp: [
|
|
626
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
627
|
+
],
|
|
628
|
+
remediation: 'Disable directory browsing in IIS and ensure directories have index files.',
|
|
629
|
+
},
|
|
630
|
+
[VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE]: {
|
|
631
|
+
id: 2007,
|
|
632
|
+
code: VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE,
|
|
633
|
+
title: 'IIS Directory Browsing Exposing Sensitive Content',
|
|
634
|
+
description: 'IIS directory browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
82
635
|
severity: 'medium',
|
|
636
|
+
levelId: 3,
|
|
83
637
|
category: 'configuration',
|
|
84
|
-
scanner: '
|
|
638
|
+
scanner: 'directory-browsing',
|
|
85
639
|
cvss: {
|
|
86
640
|
score: 5.3,
|
|
87
641
|
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
88
642
|
severity: 'MEDIUM',
|
|
89
643
|
},
|
|
90
644
|
cwe: [
|
|
91
|
-
{ id: 'CWE-
|
|
645
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
92
646
|
],
|
|
93
647
|
owasp: [
|
|
94
648
|
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
95
649
|
],
|
|
96
|
-
remediation: '
|
|
650
|
+
remediation: 'Disable directory browsing and remove sensitive files from web-accessible directories.',
|
|
97
651
|
},
|
|
98
|
-
[
|
|
99
|
-
id:
|
|
100
|
-
code:
|
|
101
|
-
title: '
|
|
102
|
-
description: '
|
|
103
|
-
severity: '
|
|
652
|
+
[VulnerabilityCode.DIRBROWSE_TOMCAT]: {
|
|
653
|
+
id: 2008,
|
|
654
|
+
code: VulnerabilityCode.DIRBROWSE_TOMCAT,
|
|
655
|
+
title: 'Tomcat Directory Listing Enabled',
|
|
656
|
+
description: 'Tomcat directory listing is enabled, exposing directory contents to unauthenticated visitors.',
|
|
657
|
+
severity: 'low',
|
|
658
|
+
levelId: 4,
|
|
104
659
|
category: 'configuration',
|
|
105
|
-
scanner: '
|
|
660
|
+
scanner: 'directory-browsing',
|
|
106
661
|
cvss: {
|
|
107
|
-
score: 7
|
|
108
|
-
vector: 'CVSS:3.1/AV:N/AC:
|
|
109
|
-
severity: '
|
|
662
|
+
score: 3.7,
|
|
663
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
664
|
+
severity: 'LOW',
|
|
110
665
|
},
|
|
111
666
|
cwe: [
|
|
112
|
-
{ id: 'CWE-
|
|
667
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
113
668
|
],
|
|
114
669
|
owasp: [
|
|
115
670
|
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
116
671
|
],
|
|
117
|
-
remediation: '
|
|
672
|
+
remediation: 'Disable directory listings in Tomcat and add index files to web directories.',
|
|
118
673
|
},
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
674
|
+
[VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE]: {
|
|
675
|
+
id: 2009,
|
|
676
|
+
code: VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE,
|
|
677
|
+
title: 'Tomcat Directory Listing Exposing Sensitive Content',
|
|
678
|
+
description: 'Tomcat directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
679
|
+
severity: 'medium',
|
|
680
|
+
levelId: 3,
|
|
681
|
+
category: 'configuration',
|
|
682
|
+
scanner: 'directory-browsing',
|
|
683
|
+
cvss: {
|
|
684
|
+
score: 5.3,
|
|
685
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
686
|
+
severity: 'MEDIUM',
|
|
687
|
+
},
|
|
688
|
+
cwe: [
|
|
689
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
690
|
+
],
|
|
691
|
+
owasp: [
|
|
692
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
693
|
+
],
|
|
694
|
+
remediation: 'Disable directory listings and remove sensitive files from web-accessible directories.',
|
|
695
|
+
},
|
|
696
|
+
[VulnerabilityCode.DIRBROWSE_CADDY]: {
|
|
697
|
+
id: 2010,
|
|
698
|
+
code: VulnerabilityCode.DIRBROWSE_CADDY,
|
|
699
|
+
title: 'Caddy File Server Browsing Enabled',
|
|
700
|
+
description: 'Caddy file server browsing is enabled, exposing directory contents to unauthenticated visitors.',
|
|
701
|
+
severity: 'low',
|
|
702
|
+
levelId: 4,
|
|
703
|
+
category: 'configuration',
|
|
704
|
+
scanner: 'directory-browsing',
|
|
705
|
+
cvss: {
|
|
706
|
+
score: 3.7,
|
|
707
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
708
|
+
severity: 'LOW',
|
|
709
|
+
},
|
|
710
|
+
cwe: [
|
|
711
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
712
|
+
],
|
|
713
|
+
owasp: [
|
|
714
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
715
|
+
],
|
|
716
|
+
remediation: 'Disable file_server browse in Caddy or restrict browsing to trusted users.',
|
|
717
|
+
},
|
|
718
|
+
[VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE]: {
|
|
719
|
+
id: 2011,
|
|
720
|
+
code: VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE,
|
|
721
|
+
title: 'Caddy File Server Browsing Exposing Sensitive Content',
|
|
722
|
+
description: 'Caddy file server browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
723
|
+
severity: 'medium',
|
|
724
|
+
levelId: 3,
|
|
725
|
+
category: 'configuration',
|
|
726
|
+
scanner: 'directory-browsing',
|
|
727
|
+
cvss: {
|
|
728
|
+
score: 5.3,
|
|
729
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
730
|
+
severity: 'MEDIUM',
|
|
731
|
+
},
|
|
732
|
+
cwe: [
|
|
733
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
734
|
+
],
|
|
735
|
+
owasp: [
|
|
736
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
737
|
+
],
|
|
738
|
+
remediation: 'Disable file_server browse and remove sensitive files from web-accessible directories.',
|
|
739
|
+
},
|
|
740
|
+
[VulnerabilityCode.DIRBROWSE_WEBDAV]: {
|
|
741
|
+
id: 2012,
|
|
742
|
+
code: VulnerabilityCode.DIRBROWSE_WEBDAV,
|
|
743
|
+
title: 'WebDAV Directory Listing Enabled',
|
|
744
|
+
description: 'WebDAV responses expose directory contents, allowing unauthenticated browsing of files and folders.',
|
|
745
|
+
severity: 'low',
|
|
746
|
+
levelId: 4,
|
|
747
|
+
category: 'configuration',
|
|
748
|
+
scanner: 'directory-browsing',
|
|
749
|
+
cvss: {
|
|
750
|
+
score: 3.7,
|
|
751
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
752
|
+
severity: 'LOW',
|
|
753
|
+
},
|
|
754
|
+
cwe: [
|
|
755
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
756
|
+
],
|
|
757
|
+
owasp: [
|
|
758
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
759
|
+
],
|
|
760
|
+
remediation: 'Disable unauthenticated WebDAV browsing or restrict access with authentication and authorization.',
|
|
761
|
+
},
|
|
762
|
+
[VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE]: {
|
|
763
|
+
id: 2013,
|
|
764
|
+
code: VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE,
|
|
765
|
+
title: 'WebDAV Directory Listing Exposing Sensitive Content',
|
|
766
|
+
description: 'WebDAV responses expose directories containing sensitive files such as backups, credentials, or configuration artifacts.',
|
|
767
|
+
severity: 'medium',
|
|
768
|
+
levelId: 3,
|
|
769
|
+
category: 'configuration',
|
|
770
|
+
scanner: 'directory-browsing',
|
|
771
|
+
cvss: {
|
|
772
|
+
score: 5.3,
|
|
773
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
774
|
+
severity: 'MEDIUM',
|
|
775
|
+
},
|
|
776
|
+
cwe: [
|
|
777
|
+
{ id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
|
|
778
|
+
],
|
|
779
|
+
owasp: [
|
|
780
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
781
|
+
],
|
|
782
|
+
remediation: 'Disable unauthenticated WebDAV browsing and remove sensitive files from exposed directories.',
|
|
783
|
+
},
|
|
784
|
+
[VulnerabilityCode.DIRBROWSE_S3]: {
|
|
785
|
+
id: 2014,
|
|
786
|
+
code: VulnerabilityCode.DIRBROWSE_S3,
|
|
787
|
+
title: 'S3 Bucket Listing Enabled',
|
|
788
|
+
description: 'An S3 bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
|
|
789
|
+
severity: 'low',
|
|
790
|
+
levelId: 4,
|
|
791
|
+
category: 'configuration',
|
|
792
|
+
scanner: 'directory-browsing',
|
|
793
|
+
cvss: {
|
|
794
|
+
score: 3.7,
|
|
795
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
796
|
+
severity: 'LOW',
|
|
797
|
+
},
|
|
798
|
+
cwe: [
|
|
799
|
+
{ id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
800
|
+
],
|
|
801
|
+
owasp: [
|
|
802
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
803
|
+
],
|
|
804
|
+
remediation: 'Disable public ListBucket access and restrict bucket policies to authorized principals.',
|
|
805
|
+
},
|
|
806
|
+
[VulnerabilityCode.DIRBROWSE_S3_SENSITIVE]: {
|
|
807
|
+
id: 2015,
|
|
808
|
+
code: VulnerabilityCode.DIRBROWSE_S3_SENSITIVE,
|
|
809
|
+
title: 'S3 Bucket Listing Exposing Sensitive Content',
|
|
810
|
+
description: 'An S3 bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
|
|
811
|
+
severity: 'medium',
|
|
812
|
+
levelId: 3,
|
|
813
|
+
category: 'configuration',
|
|
814
|
+
scanner: 'directory-browsing',
|
|
815
|
+
cvss: {
|
|
816
|
+
score: 5.3,
|
|
817
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
818
|
+
severity: 'MEDIUM',
|
|
819
|
+
},
|
|
820
|
+
cwe: [
|
|
821
|
+
{ id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
822
|
+
],
|
|
823
|
+
owasp: [
|
|
824
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
825
|
+
],
|
|
826
|
+
remediation: 'Remove public ListBucket access and rotate any exposed credentials or secrets.',
|
|
827
|
+
},
|
|
828
|
+
[VulnerabilityCode.DIRBROWSE_GCS]: {
|
|
829
|
+
id: 2016,
|
|
830
|
+
code: VulnerabilityCode.DIRBROWSE_GCS,
|
|
831
|
+
title: 'GCS Bucket Listing Enabled',
|
|
832
|
+
description: 'A Google Cloud Storage bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
|
|
833
|
+
severity: 'low',
|
|
834
|
+
levelId: 4,
|
|
835
|
+
category: 'configuration',
|
|
836
|
+
scanner: 'directory-browsing',
|
|
837
|
+
cvss: {
|
|
838
|
+
score: 3.7,
|
|
839
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
840
|
+
severity: 'LOW',
|
|
841
|
+
},
|
|
842
|
+
cwe: [
|
|
843
|
+
{ id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
844
|
+
],
|
|
845
|
+
owasp: [
|
|
846
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
847
|
+
],
|
|
848
|
+
remediation: 'Restrict bucket IAM policies to authorized principals and disable anonymous listing.',
|
|
849
|
+
},
|
|
850
|
+
[VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE]: {
|
|
851
|
+
id: 2017,
|
|
852
|
+
code: VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE,
|
|
853
|
+
title: 'GCS Bucket Listing Exposing Sensitive Content',
|
|
854
|
+
description: 'A Google Cloud Storage bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
|
|
855
|
+
severity: 'medium',
|
|
856
|
+
levelId: 3,
|
|
857
|
+
category: 'configuration',
|
|
858
|
+
scanner: 'directory-browsing',
|
|
859
|
+
cvss: {
|
|
860
|
+
score: 5.3,
|
|
861
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
862
|
+
severity: 'MEDIUM',
|
|
863
|
+
},
|
|
864
|
+
cwe: [
|
|
865
|
+
{ id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
866
|
+
],
|
|
867
|
+
owasp: [
|
|
868
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
869
|
+
],
|
|
870
|
+
remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
|
|
871
|
+
},
|
|
872
|
+
[VulnerabilityCode.DIRBROWSE_AZURE_BLOB]: {
|
|
873
|
+
id: 2018,
|
|
874
|
+
code: VulnerabilityCode.DIRBROWSE_AZURE_BLOB,
|
|
875
|
+
title: 'Azure Blob Container Listing Enabled',
|
|
876
|
+
description: 'An Azure Blob container listing is exposed, allowing unauthenticated enumeration of blob names.',
|
|
877
|
+
severity: 'low',
|
|
878
|
+
levelId: 4,
|
|
879
|
+
category: 'configuration',
|
|
880
|
+
scanner: 'directory-browsing',
|
|
881
|
+
cvss: {
|
|
882
|
+
score: 3.7,
|
|
883
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
884
|
+
severity: 'LOW',
|
|
885
|
+
},
|
|
886
|
+
cwe: [
|
|
887
|
+
{ id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
888
|
+
],
|
|
889
|
+
owasp: [
|
|
890
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
891
|
+
],
|
|
892
|
+
remediation: 'Disable public container listing and restrict access via SAS tokens or RBAC.',
|
|
893
|
+
},
|
|
894
|
+
[VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE]: {
|
|
895
|
+
id: 2019,
|
|
896
|
+
code: VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE,
|
|
897
|
+
title: 'Azure Blob Container Listing Exposing Sensitive Content',
|
|
898
|
+
description: 'An Azure Blob container listing is exposed and includes sensitive blobs such as backups, credentials, or configuration artifacts.',
|
|
899
|
+
severity: 'medium',
|
|
900
|
+
levelId: 3,
|
|
901
|
+
category: 'configuration',
|
|
902
|
+
scanner: 'directory-browsing',
|
|
903
|
+
cvss: {
|
|
904
|
+
score: 5.3,
|
|
905
|
+
vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
906
|
+
severity: 'MEDIUM',
|
|
907
|
+
},
|
|
908
|
+
cwe: [
|
|
909
|
+
{ id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
910
|
+
],
|
|
911
|
+
owasp: [
|
|
912
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
913
|
+
],
|
|
914
|
+
remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
|
|
915
|
+
},
|
|
916
|
+
// Legacy generic codes (keep for backward compatibility)
|
|
917
|
+
[VulnerabilityCode.DIRBROWSE_ENABLED]: {
|
|
123
918
|
id: 74,
|
|
124
|
-
code:
|
|
919
|
+
code: VulnerabilityCode.DIRBROWSE_ENABLED,
|
|
125
920
|
title: 'Directory Listing Enabled',
|
|
126
921
|
description: 'Web server directory listing is enabled, exposing the contents of directories to anyone who browses to them without an index file. This reveals application structure, backup files, configuration files, and potentially sensitive data to attackers.',
|
|
127
922
|
severity: 'low',
|
|
923
|
+
levelId: 4,
|
|
128
924
|
category: 'configuration',
|
|
129
925
|
scanner: 'directory-browsing',
|
|
130
926
|
cvss: {
|
|
@@ -140,12 +936,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
140
936
|
],
|
|
141
937
|
remediation: 'Disable directory listing in web server configuration (Options -Indexes in Apache, autoindex off in nginx). Ensure all directories have proper index files.',
|
|
142
938
|
},
|
|
143
|
-
[
|
|
939
|
+
[VulnerabilityCode.DIRBROWSE_SENSITIVE]: {
|
|
144
940
|
id: 75,
|
|
145
|
-
code:
|
|
941
|
+
code: VulnerabilityCode.DIRBROWSE_SENSITIVE,
|
|
146
942
|
title: 'Directory Listing Exposing Sensitive Content',
|
|
147
943
|
description: 'Directory listing is enabled on a directory containing sensitive files like backups, configuration files, source code, or credentials. This elevates the risk significantly as attackers can directly access sensitive information without guessing filenames.',
|
|
148
944
|
severity: 'medium',
|
|
945
|
+
levelId: 3,
|
|
149
946
|
category: 'configuration',
|
|
150
947
|
scanner: 'directory-browsing',
|
|
151
948
|
cvss: {
|
|
@@ -164,12 +961,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
164
961
|
// ========================================
|
|
165
962
|
// CLICKJACKING
|
|
166
963
|
// ========================================
|
|
167
|
-
[
|
|
964
|
+
[VulnerabilityCode.CLICK_FRAMEABLE]: {
|
|
168
965
|
id: 76,
|
|
169
|
-
code:
|
|
966
|
+
code: VulnerabilityCode.CLICK_FRAMEABLE,
|
|
170
967
|
title: 'Clickjacking - Page Frameable',
|
|
171
968
|
description: 'The application pages can be embedded in iframes on malicious websites, enabling clickjacking attacks where attackers overlay transparent frames over deceptive UI elements to trick users into clicking hidden buttons or links that perform unintended actions.',
|
|
172
969
|
severity: 'medium',
|
|
970
|
+
levelId: 3,
|
|
173
971
|
category: 'configuration',
|
|
174
972
|
scanner: 'security-headers',
|
|
175
973
|
cvss: {
|
|
@@ -188,12 +986,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
188
986
|
// ========================================
|
|
189
987
|
// DESERIALIZATION
|
|
190
988
|
// ========================================
|
|
191
|
-
[
|
|
989
|
+
[VulnerabilityCode.DESER_JAVA]: {
|
|
192
990
|
id: 77,
|
|
193
|
-
code:
|
|
991
|
+
code: VulnerabilityCode.DESER_JAVA,
|
|
194
992
|
title: 'Insecure Deserialization - Java',
|
|
195
993
|
description: 'Critical Java deserialization vulnerability where untrusted serialized objects are processed, allowing attackers to achieve remote code execution through gadget chains in common libraries like Apache Commons Collections, Spring Framework, or other classpath dependencies.',
|
|
196
994
|
severity: 'critical',
|
|
995
|
+
levelId: 1,
|
|
197
996
|
category: 'injection',
|
|
198
997
|
scanner: 'deserialization',
|
|
199
998
|
cvss: {
|
|
@@ -209,12 +1008,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
209
1008
|
],
|
|
210
1009
|
remediation: 'Do not deserialize untrusted data. Use JSON or XML instead of Java serialization. Implement ObjectInputFilter (JEP 290) to restrict deserializable classes. Remove vulnerable gadget libraries.',
|
|
211
1010
|
},
|
|
212
|
-
[
|
|
1011
|
+
[VulnerabilityCode.DESER_PHP]: {
|
|
213
1012
|
id: 78,
|
|
214
|
-
code:
|
|
1013
|
+
code: VulnerabilityCode.DESER_PHP,
|
|
215
1014
|
title: 'Insecure Deserialization - PHP',
|
|
216
1015
|
description: 'Critical PHP deserialization vulnerability where unserialize() processes attacker-controlled data, enabling object injection attacks through magic methods like __wakeup(), __destruct(), or __toString() in application or framework classes for remote code execution.',
|
|
217
1016
|
severity: 'critical',
|
|
1017
|
+
levelId: 1,
|
|
218
1018
|
category: 'injection',
|
|
219
1019
|
scanner: 'deserialization',
|
|
220
1020
|
cvss: {
|
|
@@ -230,12 +1030,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
230
1030
|
],
|
|
231
1031
|
remediation: 'Never pass user input to unserialize(). Use json_decode() instead. If serialization is required, use allowed_classes option with explicit allowlist. Audit code for pop chains.',
|
|
232
1032
|
},
|
|
233
|
-
[
|
|
1033
|
+
[VulnerabilityCode.DESER_PYTHON]: {
|
|
234
1034
|
id: 79,
|
|
235
|
-
code:
|
|
1035
|
+
code: VulnerabilityCode.DESER_PYTHON,
|
|
236
1036
|
title: 'Insecure Deserialization - Python',
|
|
237
1037
|
description: 'Critical Python deserialization vulnerability through pickle/cPickle processing of untrusted data, enabling remote code execution via __reduce__ method exploitation. Python pickle is inherently unsafe and should never process untrusted input.',
|
|
238
1038
|
severity: 'critical',
|
|
1039
|
+
levelId: 1,
|
|
239
1040
|
category: 'injection',
|
|
240
1041
|
scanner: 'deserialization',
|
|
241
1042
|
cvss: {
|
|
@@ -251,12 +1052,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
251
1052
|
],
|
|
252
1053
|
remediation: 'Never pickle untrusted data. Use JSON or other safe formats. If pickle is required, use cryptographic signatures to verify data integrity before deserialization.',
|
|
253
1054
|
},
|
|
254
|
-
[
|
|
1055
|
+
[VulnerabilityCode.DESER_DOTNET]: {
|
|
255
1056
|
id: 80,
|
|
256
|
-
code:
|
|
1057
|
+
code: VulnerabilityCode.DESER_DOTNET,
|
|
257
1058
|
title: 'Insecure Deserialization - .NET',
|
|
258
1059
|
description: 'Critical .NET deserialization vulnerability through BinaryFormatter, ObjectStateFormatter, LosFormatter, or other dangerous formatters processing untrusted data, enabling remote code execution through gadget chains in the .NET runtime or third-party libraries.',
|
|
259
1060
|
severity: 'critical',
|
|
1061
|
+
levelId: 1,
|
|
260
1062
|
category: 'injection',
|
|
261
1063
|
scanner: 'deserialization',
|
|
262
1064
|
cvss: {
|
|
@@ -272,12 +1074,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
272
1074
|
],
|
|
273
1075
|
remediation: 'Avoid BinaryFormatter for untrusted data. Use System.Text.Json or XmlSerializer with known types. For legacy code, implement SerializationBinder to restrict deserializable types.',
|
|
274
1076
|
},
|
|
275
|
-
[
|
|
1077
|
+
[VulnerabilityCode.DESER_RUBY]: {
|
|
276
1078
|
id: 81,
|
|
277
|
-
code:
|
|
1079
|
+
code: VulnerabilityCode.DESER_RUBY,
|
|
278
1080
|
title: 'Insecure Deserialization - Ruby',
|
|
279
1081
|
description: 'Critical Ruby deserialization vulnerability through Marshal.load or YAML.load processing untrusted data, enabling remote code execution through Ruby object instantiation gadgets that execute arbitrary code during object reconstruction.',
|
|
280
1082
|
severity: 'critical',
|
|
1083
|
+
levelId: 1,
|
|
281
1084
|
category: 'injection',
|
|
282
1085
|
scanner: 'deserialization',
|
|
283
1086
|
cvss: {
|
|
@@ -293,12 +1096,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
293
1096
|
],
|
|
294
1097
|
remediation: 'Never Marshal.load untrusted data. Use JSON.parse instead. For YAML, use YAML.safe_load with permitted_classes option. Sign serialized data with HMAC for integrity.',
|
|
295
1098
|
},
|
|
296
|
-
[
|
|
1099
|
+
[VulnerabilityCode.DESER_NODE]: {
|
|
297
1100
|
id: 82,
|
|
298
|
-
code:
|
|
1101
|
+
code: VulnerabilityCode.DESER_NODE,
|
|
299
1102
|
title: 'Insecure Deserialization - Node.js',
|
|
300
1103
|
description: 'Critical Node.js deserialization vulnerability through node-serialize, funcster, or similar libraries that execute JavaScript during deserialization, enabling remote code execution when attacker-controlled serialized data containing functions or IIFE is processed.',
|
|
301
1104
|
severity: 'critical',
|
|
1105
|
+
levelId: 1,
|
|
302
1106
|
category: 'injection',
|
|
303
1107
|
scanner: 'deserialization',
|
|
304
1108
|
cvss: {
|
|
@@ -314,12 +1118,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
314
1118
|
],
|
|
315
1119
|
remediation: 'Never use serialization libraries that can deserialize functions. Use JSON.parse() for data interchange. Avoid node-serialize and similar libraries. Implement input validation.',
|
|
316
1120
|
},
|
|
317
|
-
[
|
|
1121
|
+
[VulnerabilityCode.CLICK_PARTIAL_PROTECTION]: {
|
|
318
1122
|
id: 83,
|
|
319
|
-
code:
|
|
1123
|
+
code: VulnerabilityCode.CLICK_PARTIAL_PROTECTION,
|
|
320
1124
|
title: 'Clickjacking - Partial Protection',
|
|
321
1125
|
description: 'Incomplete clickjacking protection where X-Frame-Options or frame-ancestors CSP is only applied on some pages, uses weak values like ALLOW-FROM with bypassable origins, or has inconsistent implementation allowing certain pages to be framed.',
|
|
322
1126
|
severity: 'low',
|
|
1127
|
+
levelId: 4,
|
|
323
1128
|
category: 'configuration',
|
|
324
1129
|
scanner: 'security-headers',
|
|
325
1130
|
cvss: {
|
|
@@ -335,12 +1140,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
335
1140
|
],
|
|
336
1141
|
remediation: 'Apply consistent frame protection across all pages. Use DENY or SAMEORIGIN rather than ALLOW-FROM. Audit all endpoints for missing protection. Use CSP frame-ancestors instead of X-Frame-Options.',
|
|
337
1142
|
},
|
|
338
|
-
[
|
|
1143
|
+
[VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE]: {
|
|
339
1144
|
id: 84,
|
|
340
|
-
code:
|
|
1145
|
+
code: VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE,
|
|
341
1146
|
title: 'Missing Security Header - X-Content-Type-Options',
|
|
342
1147
|
description: 'The application does not set X-Content-Type-Options: nosniff header, allowing browsers to perform MIME-type sniffing that can lead to XSS attacks when user-uploaded content is served with incorrect Content-Type and browsers execute it as script.',
|
|
343
1148
|
severity: 'low',
|
|
1149
|
+
levelId: 4,
|
|
344
1150
|
category: 'configuration',
|
|
345
1151
|
scanner: 'security-headers',
|
|
346
1152
|
cvss: {
|
|
@@ -356,12 +1162,35 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
356
1162
|
],
|
|
357
1163
|
remediation: 'Add X-Content-Type-Options: nosniff header to all responses. Ensure correct Content-Type headers are set for all resources. Validate file types before serving user uploads.',
|
|
358
1164
|
},
|
|
359
|
-
[
|
|
1165
|
+
[VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID]: {
|
|
1166
|
+
id: 1009,
|
|
1167
|
+
code: VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID,
|
|
1168
|
+
title: 'Invalid Security Header - X-Content-Type-Options',
|
|
1169
|
+
description: 'The X-Content-Type-Options header is present but misconfigured (not set to nosniff), which can allow MIME sniffing and reduce protection against content-type confusion.',
|
|
1170
|
+
severity: 'low',
|
|
1171
|
+
levelId: 4,
|
|
1172
|
+
category: 'configuration',
|
|
1173
|
+
scanner: 'security-headers',
|
|
1174
|
+
cvss: {
|
|
1175
|
+
score: 3.7,
|
|
1176
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
|
|
1177
|
+
severity: 'LOW',
|
|
1178
|
+
},
|
|
1179
|
+
cwe: [
|
|
1180
|
+
{ id: 'CWE-693', name: 'Protection Mechanism Failure', url: 'https://cwe.mitre.org/data/definitions/693.html' },
|
|
1181
|
+
],
|
|
1182
|
+
owasp: [
|
|
1183
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
1184
|
+
],
|
|
1185
|
+
remediation: 'Set X-Content-Type-Options to nosniff on all responses to prevent MIME sniffing.',
|
|
1186
|
+
},
|
|
1187
|
+
[VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY]: {
|
|
360
1188
|
id: 85,
|
|
361
|
-
code:
|
|
1189
|
+
code: VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY,
|
|
362
1190
|
title: 'Missing Security Header - Referrer-Policy',
|
|
363
1191
|
description: 'The application does not implement Referrer-Policy header, potentially leaking sensitive URL information including session tokens, user IDs, or query parameters to external sites when users click links or resources are loaded from third-party domains.',
|
|
364
1192
|
severity: 'low',
|
|
1193
|
+
levelId: 4,
|
|
365
1194
|
category: 'configuration',
|
|
366
1195
|
scanner: 'security-headers',
|
|
367
1196
|
cvss: {
|
|
@@ -377,12 +1206,35 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
377
1206
|
],
|
|
378
1207
|
remediation: 'Implement Referrer-Policy header with strict-origin-when-cross-origin or no-referrer policy. Avoid passing sensitive data in URLs. Use POST requests for sensitive operations.',
|
|
379
1208
|
},
|
|
380
|
-
[
|
|
1209
|
+
[VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE]: {
|
|
1210
|
+
id: 1010,
|
|
1211
|
+
code: VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE,
|
|
1212
|
+
title: 'Unsafe Referrer-Policy Configuration',
|
|
1213
|
+
description: 'The Referrer-Policy header is set to a permissive value that can leak full URLs and sensitive query parameters to external origins.',
|
|
1214
|
+
severity: 'low',
|
|
1215
|
+
levelId: 4,
|
|
1216
|
+
category: 'configuration',
|
|
1217
|
+
scanner: 'security-headers',
|
|
1218
|
+
cvss: {
|
|
1219
|
+
score: 3.1,
|
|
1220
|
+
vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N',
|
|
1221
|
+
severity: 'LOW',
|
|
1222
|
+
},
|
|
1223
|
+
cwe: [
|
|
1224
|
+
{ id: 'CWE-200', name: 'Information Exposure', url: 'https://cwe.mitre.org/data/definitions/200.html' },
|
|
1225
|
+
],
|
|
1226
|
+
owasp: [
|
|
1227
|
+
{ id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
|
|
1228
|
+
],
|
|
1229
|
+
remediation: 'Use strict-origin-when-cross-origin or no-referrer to minimize leakage of sensitive URL data.',
|
|
1230
|
+
},
|
|
1231
|
+
[VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY]: {
|
|
381
1232
|
id: 86,
|
|
382
|
-
code:
|
|
1233
|
+
code: VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY,
|
|
383
1234
|
title: 'Missing Security Header - Permissions-Policy',
|
|
384
1235
|
description: 'The application does not implement Permissions-Policy (formerly Feature-Policy) header, allowing embedded frames or malicious scripts to access sensitive browser features like camera, microphone, geolocation, or payment APIs without explicit permission.',
|
|
385
1236
|
severity: 'info',
|
|
1237
|
+
levelId: 5,
|
|
386
1238
|
category: 'configuration',
|
|
387
1239
|
scanner: 'security-headers',
|
|
388
1240
|
cvss: {
|
|
@@ -398,12 +1250,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
398
1250
|
],
|
|
399
1251
|
remediation: 'Add Permissions-Policy header restricting access to sensitive features. Disable features not needed by the application. Use () syntax to disallow features for all origins.',
|
|
400
1252
|
},
|
|
401
|
-
[
|
|
1253
|
+
[VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION]: {
|
|
402
1254
|
id: 87,
|
|
403
|
-
code:
|
|
1255
|
+
code: VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION,
|
|
404
1256
|
title: 'Missing Security Header - X-XSS-Protection',
|
|
405
1257
|
description: 'The legacy X-XSS-Protection header is not set. While deprecated in modern browsers, it can provide defense-in-depth for older browsers that still honor this header for their built-in XSS auditor feature.',
|
|
406
1258
|
severity: 'info',
|
|
1259
|
+
levelId: 5,
|
|
407
1260
|
category: 'configuration',
|
|
408
1261
|
scanner: 'security-headers',
|
|
409
1262
|
cvss: {
|
|
@@ -419,12 +1272,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
419
1272
|
],
|
|
420
1273
|
remediation: 'Set X-XSS-Protection: 0 to disable (recommended per OWASP) or use CSP instead. The XSS auditor has been removed from modern browsers due to security issues with block mode.',
|
|
421
1274
|
},
|
|
422
|
-
[
|
|
1275
|
+
[VulnerabilityCode.HEADER_COEP_WITHOUT_COOP]: {
|
|
423
1276
|
id: 108,
|
|
424
|
-
code:
|
|
1277
|
+
code: VulnerabilityCode.HEADER_COEP_WITHOUT_COOP,
|
|
425
1278
|
title: 'Header Misconfiguration - COEP Without COOP',
|
|
426
1279
|
description: 'Cross-Origin-Embedder-Policy (COEP) is set without Cross-Origin-Opener-Policy (COOP), which can create inconsistent cross-origin isolation behavior and indicate incomplete or misapplied security header strategy for isolation-sensitive applications.',
|
|
427
1280
|
severity: 'info',
|
|
1281
|
+
levelId: 5,
|
|
428
1282
|
category: 'configuration',
|
|
429
1283
|
scanner: 'security-headers',
|
|
430
1284
|
cvss: {
|
|
@@ -440,12 +1294,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
440
1294
|
],
|
|
441
1295
|
remediation: 'If cross-origin isolation is required, deploy COEP together with COOP and validate the intended policy combination. Otherwise remove COEP to avoid confusing or inconsistent isolation posture.',
|
|
442
1296
|
},
|
|
443
|
-
[
|
|
1297
|
+
[VulnerabilityCode.HEADER_CORP_UNUSUAL]: {
|
|
444
1298
|
id: 109,
|
|
445
|
-
code:
|
|
1299
|
+
code: VulnerabilityCode.HEADER_CORP_UNUSUAL,
|
|
446
1300
|
title: 'Header Misconfiguration - Unusual CORP Value',
|
|
447
1301
|
description: 'Cross-Origin-Resource-Policy (CORP) is set to a non-standard value, which may indicate a misconfiguration that provides no effective protection or creates unpredictable resource loading behavior across origins.',
|
|
448
1302
|
severity: 'info',
|
|
1303
|
+
levelId: 5,
|
|
449
1304
|
category: 'configuration',
|
|
450
1305
|
scanner: 'security-headers',
|
|
451
1306
|
cvss: {
|
|
@@ -461,12 +1316,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
461
1316
|
],
|
|
462
1317
|
remediation: 'Use valid CORP values (same-origin, same-site, or cross-origin) and confirm the chosen policy aligns with the resource sharing model of the application.',
|
|
463
1318
|
},
|
|
464
|
-
[
|
|
1319
|
+
[VulnerabilityCode.HEADER_EXPECT_CT_PRESENT]: {
|
|
465
1320
|
id: 110,
|
|
466
|
-
code:
|
|
1321
|
+
code: VulnerabilityCode.HEADER_EXPECT_CT_PRESENT,
|
|
467
1322
|
title: 'Deprecated Header - Expect-CT Present',
|
|
468
1323
|
description: 'The Expect-CT header is present even though the feature is deprecated and no longer enforced by major browsers, adding unnecessary configuration surface without meaningful security benefit.',
|
|
469
1324
|
severity: 'info',
|
|
1325
|
+
levelId: 5,
|
|
470
1326
|
category: 'configuration',
|
|
471
1327
|
scanner: 'security-headers',
|
|
472
1328
|
cvss: {
|
|
@@ -482,12 +1338,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
482
1338
|
],
|
|
483
1339
|
remediation: 'Remove Expect-CT unless you have a legacy operational requirement, and focus on TLS configuration and certificate transparency monitoring via modern tooling.',
|
|
484
1340
|
},
|
|
485
|
-
[
|
|
1341
|
+
[VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT]: {
|
|
486
1342
|
id: 111,
|
|
487
|
-
code:
|
|
1343
|
+
code: VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT,
|
|
488
1344
|
title: 'Information Exposure - Server Header Present',
|
|
489
1345
|
description: 'The Server header reveals technology or version details that can assist attackers with fingerprinting and targeted exploitation, increasing the likelihood of tailored attacks against known software weaknesses.',
|
|
490
1346
|
severity: 'info',
|
|
1347
|
+
levelId: 5,
|
|
491
1348
|
category: 'configuration',
|
|
492
1349
|
scanner: 'security-headers',
|
|
493
1350
|
cvss: {
|
|
@@ -503,12 +1360,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
503
1360
|
],
|
|
504
1361
|
remediation: 'Configure the web server or reverse proxy to minimize or remove Server header details and avoid exposing version strings in responses.',
|
|
505
1362
|
},
|
|
506
|
-
[
|
|
1363
|
+
[VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT]: {
|
|
507
1364
|
id: 112,
|
|
508
|
-
code:
|
|
1365
|
+
code: VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT,
|
|
509
1366
|
title: 'Information Exposure - X-Powered-By Present',
|
|
510
1367
|
description: 'The X-Powered-By header discloses framework or runtime information that can be used to fingerprint the application stack and target known vulnerabilities in specific platforms or versions.',
|
|
511
1368
|
severity: 'info',
|
|
1369
|
+
levelId: 5,
|
|
512
1370
|
category: 'configuration',
|
|
513
1371
|
scanner: 'security-headers',
|
|
514
1372
|
cvss: {
|
|
@@ -524,12 +1382,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
524
1382
|
],
|
|
525
1383
|
remediation: 'Disable X-Powered-By headers in application frameworks or reverse proxies to reduce stack fingerprinting exposure.',
|
|
526
1384
|
},
|
|
527
|
-
[
|
|
1385
|
+
[VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED]: {
|
|
528
1386
|
id: 113,
|
|
529
|
-
code:
|
|
1387
|
+
code: VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED,
|
|
530
1388
|
title: 'Deprecated Header - X-XSS-Protection Enabled',
|
|
531
1389
|
description: 'The X-XSS-Protection header is enabled, which is deprecated and can introduce security risks or inconsistent behavior in legacy browsers due to the removed XSS auditor feature.',
|
|
532
1390
|
severity: 'low',
|
|
1391
|
+
levelId: 4,
|
|
533
1392
|
category: 'configuration',
|
|
534
1393
|
scanner: 'security-headers',
|
|
535
1394
|
cvss: {
|
|
@@ -545,12 +1404,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
545
1404
|
],
|
|
546
1405
|
remediation: 'Prefer modern CSP protections and set X-XSS-Protection: 0 or remove the header to avoid relying on deprecated behavior.',
|
|
547
1406
|
},
|
|
548
|
-
[
|
|
1407
|
+
[VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE]: {
|
|
549
1408
|
id: 114,
|
|
550
|
-
code:
|
|
1409
|
+
code: VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE,
|
|
551
1410
|
title: 'Cookie Misconfiguration - SameSite=None Without Secure',
|
|
552
1411
|
description: 'A cookie is configured with SameSite=None but lacks the Secure attribute, enabling cross-site transmission over unencrypted connections and undermining cookie integrity and confidentiality controls.',
|
|
553
1412
|
severity: 'medium',
|
|
1413
|
+
levelId: 3,
|
|
554
1414
|
category: 'configuration',
|
|
555
1415
|
scanner: 'security-headers',
|
|
556
1416
|
cvss: {
|
|
@@ -566,12 +1426,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
566
1426
|
],
|
|
567
1427
|
remediation: 'Set Secure when SameSite=None is used and ensure the application is served exclusively over HTTPS.',
|
|
568
1428
|
},
|
|
569
|
-
[
|
|
1429
|
+
[VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE]: {
|
|
570
1430
|
id: 115,
|
|
571
|
-
code:
|
|
1431
|
+
code: VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE,
|
|
572
1432
|
title: 'Cookie Misconfiguration - Session Cookie Missing Secure',
|
|
573
1433
|
description: 'Session or authentication cookies are missing the Secure attribute, allowing them to be transmitted over unencrypted connections and increasing the risk of session hijacking or credential theft.',
|
|
574
1434
|
severity: 'high',
|
|
1435
|
+
levelId: 2,
|
|
575
1436
|
category: 'configuration',
|
|
576
1437
|
scanner: 'security-headers',
|
|
577
1438
|
cvss: {
|
|
@@ -587,12 +1448,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
587
1448
|
],
|
|
588
1449
|
remediation: 'Apply the Secure attribute to all session cookies and enforce HTTPS with HSTS to prevent downgrade to plaintext.',
|
|
589
1450
|
},
|
|
590
|
-
[
|
|
1451
|
+
[VulnerabilityCode.COOKIE_MISSING_SECURE]: {
|
|
591
1452
|
id: 116,
|
|
592
|
-
code:
|
|
1453
|
+
code: VulnerabilityCode.COOKIE_MISSING_SECURE,
|
|
593
1454
|
title: 'Cookie Misconfiguration - Missing Secure Attribute',
|
|
594
1455
|
description: 'Cookies are set without the Secure attribute, permitting transmission over plaintext HTTP and exposing cookie contents to network interception or manipulation.',
|
|
595
1456
|
severity: 'medium',
|
|
1457
|
+
levelId: 3,
|
|
596
1458
|
category: 'configuration',
|
|
597
1459
|
scanner: 'security-headers',
|
|
598
1460
|
cvss: {
|
|
@@ -608,12 +1470,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
608
1470
|
],
|
|
609
1471
|
remediation: 'Set the Secure attribute on cookies that should only be transmitted over HTTPS.',
|
|
610
1472
|
},
|
|
611
|
-
[
|
|
1473
|
+
[VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY]: {
|
|
612
1474
|
id: 117,
|
|
613
|
-
code:
|
|
1475
|
+
code: VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY,
|
|
614
1476
|
title: 'Cookie Misconfiguration - Session Cookie Missing HttpOnly',
|
|
615
1477
|
description: 'Session or authentication cookies are missing the HttpOnly attribute, allowing client-side scripts to access sensitive cookie values and increasing the impact of XSS attacks.',
|
|
616
1478
|
severity: 'high',
|
|
1479
|
+
levelId: 2,
|
|
617
1480
|
category: 'configuration',
|
|
618
1481
|
scanner: 'security-headers',
|
|
619
1482
|
cvss: {
|
|
@@ -629,12 +1492,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
629
1492
|
],
|
|
630
1493
|
remediation: 'Set HttpOnly on session cookies to reduce access from client-side scripts and pair with CSP to mitigate XSS risk.',
|
|
631
1494
|
},
|
|
632
|
-
[
|
|
1495
|
+
[VulnerabilityCode.COOKIE_MISSING_HTTPONLY]: {
|
|
633
1496
|
id: 118,
|
|
634
|
-
code:
|
|
1497
|
+
code: VulnerabilityCode.COOKIE_MISSING_HTTPONLY,
|
|
635
1498
|
title: 'Cookie Misconfiguration - Missing HttpOnly Attribute',
|
|
636
1499
|
description: 'Cookies are missing the HttpOnly attribute, allowing JavaScript access to cookie values and increasing the potential impact of client-side script injection.',
|
|
637
1500
|
severity: 'medium',
|
|
1501
|
+
levelId: 3,
|
|
638
1502
|
category: 'configuration',
|
|
639
1503
|
scanner: 'security-headers',
|
|
640
1504
|
cvss: {
|
|
@@ -650,12 +1514,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
650
1514
|
],
|
|
651
1515
|
remediation: 'Add HttpOnly to cookies that should not be accessed by JavaScript to reduce the impact of XSS.',
|
|
652
1516
|
},
|
|
653
|
-
[
|
|
1517
|
+
[VulnerabilityCode.COOKIE_MISSING_SAMESITE]: {
|
|
654
1518
|
id: 119,
|
|
655
|
-
code:
|
|
1519
|
+
code: VulnerabilityCode.COOKIE_MISSING_SAMESITE,
|
|
656
1520
|
title: 'Cookie Misconfiguration - Missing SameSite Attribute',
|
|
657
1521
|
description: 'Cookies do not specify SameSite, which can allow cross-site requests to include cookies by default and increase exposure to CSRF-style attacks or cross-site leakage.',
|
|
658
1522
|
severity: 'medium',
|
|
1523
|
+
levelId: 3,
|
|
659
1524
|
category: 'configuration',
|
|
660
1525
|
scanner: 'security-headers',
|
|
661
1526
|
cvss: {
|
|
@@ -671,12 +1536,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
671
1536
|
],
|
|
672
1537
|
remediation: 'Set SameSite=Lax for general cookies or SameSite=Strict where appropriate to reduce cross-site cookie inclusion.',
|
|
673
1538
|
},
|
|
674
|
-
[
|
|
1539
|
+
[VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID]: {
|
|
675
1540
|
id: 120,
|
|
676
|
-
code:
|
|
1541
|
+
code: VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID,
|
|
677
1542
|
title: 'Cookie Misconfiguration - __Host- Prefix Violations',
|
|
678
1543
|
description: 'Cookies with the __Host- prefix do not meet required attributes (Secure, Path=/, no Domain), weakening the protections provided by host-only cookie semantics.',
|
|
679
1544
|
severity: 'medium',
|
|
1545
|
+
levelId: 3,
|
|
680
1546
|
category: 'configuration',
|
|
681
1547
|
scanner: 'security-headers',
|
|
682
1548
|
cvss: {
|
|
@@ -692,12 +1558,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
692
1558
|
],
|
|
693
1559
|
remediation: 'Ensure __Host- cookies include Secure, Path=/, and omit the Domain attribute to preserve host-only guarantees.',
|
|
694
1560
|
},
|
|
695
|
-
[
|
|
1561
|
+
[VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID]: {
|
|
696
1562
|
id: 121,
|
|
697
|
-
code:
|
|
1563
|
+
code: VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID,
|
|
698
1564
|
title: 'Cookie Misconfiguration - __Secure- Prefix Violations',
|
|
699
1565
|
description: 'Cookies with the __Secure- prefix are missing the Secure attribute, which defeats the prefix requirement and weakens transport security protections.',
|
|
700
1566
|
severity: 'medium',
|
|
1567
|
+
levelId: 3,
|
|
701
1568
|
category: 'configuration',
|
|
702
1569
|
scanner: 'security-headers',
|
|
703
1570
|
cvss: {
|
|
@@ -713,12 +1580,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
713
1580
|
],
|
|
714
1581
|
remediation: 'Set the Secure attribute for all __Secure- cookies and ensure HTTPS is enforced across the application.',
|
|
715
1582
|
},
|
|
716
|
-
[
|
|
1583
|
+
[VulnerabilityCode.HEADER_DRIFT_CSP]: {
|
|
717
1584
|
id: 122,
|
|
718
|
-
code:
|
|
1585
|
+
code: VulnerabilityCode.HEADER_DRIFT_CSP,
|
|
719
1586
|
title: 'Header Drift - Content-Security-Policy Inconsistent',
|
|
720
1587
|
description: 'Content-Security-Policy is present on some paths but missing on others, creating uneven defenses and potentially exposing unprotected routes to script injection or content loading risks.',
|
|
721
1588
|
severity: 'low',
|
|
1589
|
+
levelId: 4,
|
|
722
1590
|
category: 'configuration',
|
|
723
1591
|
scanner: 'security-headers',
|
|
724
1592
|
cvss: {
|
|
@@ -734,12 +1602,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
734
1602
|
],
|
|
735
1603
|
remediation: 'Apply CSP consistently across relevant responses, including error and authentication pages, to avoid gaps in policy coverage.',
|
|
736
1604
|
},
|
|
737
|
-
[
|
|
1605
|
+
[VulnerabilityCode.HEADER_DRIFT_HSTS]: {
|
|
738
1606
|
id: 123,
|
|
739
|
-
code:
|
|
1607
|
+
code: VulnerabilityCode.HEADER_DRIFT_HSTS,
|
|
740
1608
|
title: 'Header Drift - Strict-Transport-Security Inconsistent',
|
|
741
1609
|
description: 'Strict-Transport-Security is present on some paths but missing on others, reducing the effectiveness of HTTPS enforcement and creating mixed transport behavior across the site.',
|
|
742
1610
|
severity: 'low',
|
|
1611
|
+
levelId: 4,
|
|
743
1612
|
category: 'configuration',
|
|
744
1613
|
scanner: 'security-headers',
|
|
745
1614
|
cvss: {
|
|
@@ -755,12 +1624,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
755
1624
|
],
|
|
756
1625
|
remediation: 'Ensure HSTS is set uniformly on HTTPS responses so the browser can enforce strict transport for the entire origin.',
|
|
757
1626
|
},
|
|
758
|
-
[
|
|
1627
|
+
[VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE]: {
|
|
759
1628
|
id: 124,
|
|
760
|
-
code:
|
|
1629
|
+
code: VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE,
|
|
761
1630
|
title: 'Header Drift - X-Content-Type-Options Inconsistent',
|
|
762
1631
|
description: 'X-Content-Type-Options is present on some paths but missing on others, allowing inconsistent MIME sniffing behavior that could expose unprotected routes to content-type confusion.',
|
|
763
1632
|
severity: 'low',
|
|
1633
|
+
levelId: 4,
|
|
764
1634
|
category: 'configuration',
|
|
765
1635
|
scanner: 'security-headers',
|
|
766
1636
|
cvss: {
|
|
@@ -776,12 +1646,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
776
1646
|
],
|
|
777
1647
|
remediation: 'Apply X-Content-Type-Options: nosniff across all relevant responses to avoid inconsistent browser behavior.',
|
|
778
1648
|
},
|
|
779
|
-
[
|
|
1649
|
+
[VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY]: {
|
|
780
1650
|
id: 125,
|
|
781
|
-
code:
|
|
1651
|
+
code: VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY,
|
|
782
1652
|
title: 'Header Drift - Referrer-Policy Inconsistent',
|
|
783
1653
|
description: 'Referrer-Policy is present on some paths but missing on others, leading to inconsistent referrer leakage controls and potential exposure of sensitive URL data.',
|
|
784
1654
|
severity: 'low',
|
|
1655
|
+
levelId: 4,
|
|
785
1656
|
category: 'configuration',
|
|
786
1657
|
scanner: 'security-headers',
|
|
787
1658
|
cvss: {
|
|
@@ -797,12 +1668,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
797
1668
|
],
|
|
798
1669
|
remediation: 'Set a consistent Referrer-Policy across responses to standardize referrer leakage controls.',
|
|
799
1670
|
},
|
|
800
|
-
[
|
|
1671
|
+
[VulnerabilityCode.HEADER_DRIFT_XFRAME]: {
|
|
801
1672
|
id: 126,
|
|
802
|
-
code:
|
|
1673
|
+
code: VulnerabilityCode.HEADER_DRIFT_XFRAME,
|
|
803
1674
|
title: 'Header Drift - X-Frame-Options Inconsistent',
|
|
804
1675
|
description: 'X-Frame-Options or equivalent framing controls are present on some paths but missing on others, creating uneven clickjacking protection across the site.',
|
|
805
1676
|
severity: 'low',
|
|
1677
|
+
levelId: 4,
|
|
806
1678
|
category: 'configuration',
|
|
807
1679
|
scanner: 'security-headers',
|
|
808
1680
|
cvss: {
|
|
@@ -818,12 +1690,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
818
1690
|
],
|
|
819
1691
|
remediation: 'Apply X-Frame-Options or CSP frame-ancestors consistently to avoid unprotected pages.',
|
|
820
1692
|
},
|
|
821
|
-
[
|
|
1693
|
+
[VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY]: {
|
|
822
1694
|
id: 127,
|
|
823
|
-
code:
|
|
1695
|
+
code: VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY,
|
|
824
1696
|
title: 'Header Drift - Permissions-Policy Inconsistent',
|
|
825
1697
|
description: 'Permissions-Policy is present on some paths but missing on others, leading to inconsistent controls over browser features such as geolocation, camera, or microphone.',
|
|
826
1698
|
severity: 'low',
|
|
1699
|
+
levelId: 4,
|
|
827
1700
|
category: 'configuration',
|
|
828
1701
|
scanner: 'security-headers',
|
|
829
1702
|
cvss: {
|
|
@@ -839,12 +1712,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
839
1712
|
],
|
|
840
1713
|
remediation: 'Apply Permissions-Policy consistently for pages that should restrict access to sensitive browser features.',
|
|
841
1714
|
},
|
|
842
|
-
[
|
|
1715
|
+
[VulnerabilityCode.HEADER_DRIFT_COOP]: {
|
|
843
1716
|
id: 128,
|
|
844
|
-
code:
|
|
1717
|
+
code: VulnerabilityCode.HEADER_DRIFT_COOP,
|
|
845
1718
|
title: 'Header Drift - COOP Inconsistent',
|
|
846
1719
|
description: 'Cross-Origin-Opener-Policy is present on some paths but missing on others, which can lead to uneven cross-origin isolation guarantees and inconsistent window isolation behavior.',
|
|
847
1720
|
severity: 'low',
|
|
1721
|
+
levelId: 4,
|
|
848
1722
|
category: 'configuration',
|
|
849
1723
|
scanner: 'security-headers',
|
|
850
1724
|
cvss: {
|
|
@@ -860,12 +1734,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
860
1734
|
],
|
|
861
1735
|
remediation: 'Apply COOP consistently where cross-origin isolation is required and validate the policy across all relevant routes.',
|
|
862
1736
|
},
|
|
863
|
-
[
|
|
1737
|
+
[VulnerabilityCode.HEADER_DRIFT_COEP]: {
|
|
864
1738
|
id: 129,
|
|
865
|
-
code:
|
|
1739
|
+
code: VulnerabilityCode.HEADER_DRIFT_COEP,
|
|
866
1740
|
title: 'Header Drift - COEP Inconsistent',
|
|
867
1741
|
description: 'Cross-Origin-Embedder-Policy is present on some paths but missing on others, resulting in inconsistent embedding restrictions and cross-origin isolation posture.',
|
|
868
1742
|
severity: 'low',
|
|
1743
|
+
levelId: 4,
|
|
869
1744
|
category: 'configuration',
|
|
870
1745
|
scanner: 'security-headers',
|
|
871
1746
|
cvss: {
|
|
@@ -881,12 +1756,13 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
881
1756
|
],
|
|
882
1757
|
remediation: 'Apply COEP consistently on routes that are intended to enforce cross-origin embedding controls.',
|
|
883
1758
|
},
|
|
884
|
-
[
|
|
1759
|
+
[VulnerabilityCode.HEADER_DRIFT_CORP]: {
|
|
885
1760
|
id: 130,
|
|
886
|
-
code:
|
|
1761
|
+
code: VulnerabilityCode.HEADER_DRIFT_CORP,
|
|
887
1762
|
title: 'Header Drift - CORP Inconsistent',
|
|
888
1763
|
description: 'Cross-Origin-Resource-Policy is present on some paths but missing on others, which can leave inconsistent controls on resource sharing and embedding across the application.',
|
|
889
1764
|
severity: 'low',
|
|
1765
|
+
levelId: 4,
|
|
890
1766
|
category: 'configuration',
|
|
891
1767
|
scanner: 'security-headers',
|
|
892
1768
|
cvss: {
|
|
@@ -903,4 +1779,4 @@ exports.CONFIG_VULNERABILITIES = {
|
|
|
903
1779
|
remediation: 'Apply CORP consistently where resource sharing policies should be enforced across all relevant responses.',
|
|
904
1780
|
},
|
|
905
1781
|
};
|
|
906
|
-
|
|
1782
|
+
export default CONFIG_VULNERABILITIES;
|