@zerothreatai/vulnerability-registry 3.0.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49)
  1. package/dist/categories/authentication.js +17 -0
  2. package/dist/categories/configuration.js +501 -0
  3. package/dist/categories/injection.js +34 -0
  4. package/dist/categories/sensitive-paths.js +84 -0
  5. package/dist/categories/ssrf.js +11 -0
  6. package/dist/categories/xss.js +15 -0
  7. package/dist/category.d.ts +6 -0
  8. package/dist/category.js +15 -0
  9. package/dist/error-codes.d.ts +20 -0
  10. package/dist/error-codes.js +20 -0
  11. package/dist/index.d.ts +9 -1
  12. package/dist/index.js +5 -1
  13. package/dist/scanner.d.ts +6 -0
  14. package/dist/scanner.js +22 -0
  15. package/dist/types.d.ts +2 -0
  16. package/dist-cjs/categories/authentication.js +17 -0
  17. package/dist-cjs/categories/configuration.js +501 -0
  18. package/dist-cjs/categories/injection.js +34 -0
  19. package/dist-cjs/categories/sensitive-paths.js +84 -0
  20. package/dist-cjs/categories/ssrf.js +11 -0
  21. package/dist-cjs/categories/xss.js +15 -0
  22. package/dist-cjs/category.js +18 -0
  23. package/dist-cjs/error-codes.js +20 -0
  24. package/dist-cjs/index.js +7 -1
  25. package/dist-cjs/scanner.js +25 -0
  26. package/package.json +1 -1
  27. package/src/categories/authentication.js +54 -40
  28. package/src/categories/authentication.ts +134 -117
  29. package/src/categories/configuration.js +990 -114
  30. package/src/categories/configuration.ts +1625 -1104
  31. package/src/categories/injection.js +105 -74
  32. package/src/categories/injection.ts +129 -95
  33. package/src/categories/sensitive-paths.js +255 -174
  34. package/src/categories/sensitive-paths.ts +84 -0
  35. package/src/categories/ssrf.js +36 -28
  36. package/src/categories/ssrf.ts +11 -0
  37. package/src/categories/xss.js +47 -35
  38. package/src/categories/xss.ts +15 -0
  39. package/src/category.ts +16 -0
  40. package/src/error-codes.d.ts +38 -0
  41. package/src/error-codes.js +41 -6
  42. package/src/error-codes.ts +25 -5
  43. package/src/index.js +33 -48
  44. package/src/index.ts +20 -14
  45. package/src/scanner.ts +23 -0
  46. package/src/types.d.ts +2 -0
  47. package/src/types.js +1 -2
  48. package/src/types.ts +4 -2
  49. package/zerothreatai-vulnerability-registry-4.0.0.tgz +0 -0
@@ -17,6 +17,7 @@ exports.CONFIG_VULNERABILITIES = {
17
17
  title: 'Missing Security Header - Content-Security-Policy',
18
18
  description: 'The application does not implement Content-Security-Policy header, leaving it vulnerable to cross-site scripting attacks that could be mitigated by restricting the sources from which scripts, styles, and other resources can be loaded into the page.',
19
19
  severity: 'medium',
20
+ levelId: 3,
20
21
  category: 'configuration',
21
22
  scanner: 'security-headers',
22
23
  cvss: {
@@ -38,6 +39,7 @@ exports.CONFIG_VULNERABILITIES = {
38
39
  title: 'Missing Security Header - Strict-Transport-Security',
39
40
  description: 'The application does not implement HSTS (HTTP Strict Transport Security) header, leaving users vulnerable to SSL stripping attacks and man-in-the-middle downgrades from HTTPS to HTTP connections on initial visits or after cookie expiration.',
40
41
  severity: 'medium',
42
+ levelId: 3,
41
43
  category: 'configuration',
42
44
  scanner: 'security-headers',
43
45
  cvss: {
@@ -59,6 +61,7 @@ exports.CONFIG_VULNERABILITIES = {
59
61
  title: 'HSTS Misconfiguration - Invalid Max-Age',
60
62
  description: 'The Strict-Transport-Security header uses an invalid or malformed max-age value, preventing reliable HTTPS enforcement.',
61
63
  severity: 'medium',
64
+ levelId: 3,
62
65
  category: 'configuration',
63
66
  scanner: 'security-headers',
64
67
  cvss: {
@@ -80,6 +83,7 @@ exports.CONFIG_VULNERABILITIES = {
80
83
  title: 'HSTS Misconfiguration - Max-Age Too Short',
81
84
  description: 'The Strict-Transport-Security header uses a short max-age value that weakens HTTPS enforcement and allows downgrade risk to return quickly.',
82
85
  severity: 'medium',
86
+ levelId: 3,
83
87
  category: 'configuration',
84
88
  scanner: 'security-headers',
85
89
  cvss: {
@@ -101,6 +105,7 @@ exports.CONFIG_VULNERABILITIES = {
101
105
  title: 'HSTS Misconfiguration - Missing includeSubDomains',
102
106
  description: 'The Strict-Transport-Security header is missing includeSubDomains, leaving subdomains unprotected from downgrade and stripping attacks.',
103
107
  severity: 'medium',
108
+ levelId: 3,
104
109
  category: 'configuration',
105
110
  scanner: 'security-headers',
106
111
  cvss: {
@@ -122,6 +127,7 @@ exports.CONFIG_VULNERABILITIES = {
122
127
  title: 'HSTS Preload Requirements Not Met',
123
128
  description: 'The HSTS header indicates preload intent but does not meet preload requirements, such as a sufficiently long max-age or includeSubDomains, reducing preload effectiveness.',
124
129
  severity: 'medium',
130
+ levelId: 3,
125
131
  category: 'configuration',
126
132
  scanner: 'security-headers',
127
133
  cvss: {
@@ -143,6 +149,7 @@ exports.CONFIG_VULNERABILITIES = {
143
149
  title: 'Missing Security Header - X-Frame-Options',
144
150
  description: 'The application does not set X-Frame-Options header, making it vulnerable to clickjacking attacks where malicious websites can embed the application in invisible iframes and trick users into performing unintended actions through deceptive UI overlays.',
145
151
  severity: 'medium',
152
+ levelId: 3,
146
153
  category: 'configuration',
147
154
  scanner: 'security-headers',
148
155
  cvss: {
@@ -164,6 +171,7 @@ exports.CONFIG_VULNERABILITIES = {
164
171
  title: 'Weak Content-Security-Policy Configuration',
165
172
  description: 'The Content-Security-Policy header contains unsafe directives like unsafe-inline, unsafe-eval, or overly permissive source allowlists that significantly reduce its effectiveness as an XSS mitigation and may create false sense of security.',
166
173
  severity: 'medium',
174
+ levelId: 3,
167
175
  category: 'configuration',
168
176
  scanner: 'security-headers',
169
177
  cvss: {
@@ -185,6 +193,7 @@ exports.CONFIG_VULNERABILITIES = {
185
193
  title: 'Content-Security-Policy Report-Only Enabled',
186
194
  description: 'The Content-Security-Policy header is deployed in report-only mode, which does not enforce protections and allows unsafe content to execute while only logging violations.',
187
195
  severity: 'medium',
196
+ levelId: 3,
188
197
  category: 'configuration',
189
198
  scanner: 'security-headers',
190
199
  cvss: {
@@ -206,6 +215,7 @@ exports.CONFIG_VULNERABILITIES = {
206
215
  title: 'Content-Security-Policy Contains Unsafe Directives',
207
216
  description: 'The Content-Security-Policy header includes unsafe directives such as unsafe-inline or unsafe-eval that reduce XSS protection and allow risky script execution paths.',
208
217
  severity: 'medium',
218
+ levelId: 3,
209
219
  category: 'configuration',
210
220
  scanner: 'security-headers',
211
221
  cvss: {
@@ -227,6 +237,7 @@ exports.CONFIG_VULNERABILITIES = {
227
237
  title: 'Content-Security-Policy Allows data: in script-src',
228
238
  description: 'The CSP allows data: URIs for script execution, which can enable script injection through crafted data URLs and weaken XSS protections.',
229
239
  severity: 'medium',
240
+ levelId: 3,
230
241
  category: 'configuration',
231
242
  scanner: 'security-headers',
232
243
  cvss: {
@@ -248,6 +259,7 @@ exports.CONFIG_VULNERABILITIES = {
248
259
  title: 'Content-Security-Policy Allows blob: in script-src',
249
260
  description: 'The CSP allows blob: URIs for script execution, which can be abused to load attacker-controlled scripts in some contexts and weaken XSS mitigations.',
250
261
  severity: 'medium',
262
+ levelId: 3,
251
263
  category: 'configuration',
252
264
  scanner: 'security-headers',
253
265
  cvss: {
@@ -269,6 +281,7 @@ exports.CONFIG_VULNERABILITIES = {
269
281
  title: 'Content-Security-Policy default-src Uses Wildcard',
270
282
  description: 'The CSP default-src directive allows all origins, which effectively disables the protection and allows untrusted content to load.',
271
283
  severity: 'medium',
284
+ levelId: 3,
272
285
  category: 'configuration',
273
286
  scanner: 'security-headers',
274
287
  cvss: {
@@ -290,6 +303,7 @@ exports.CONFIG_VULNERABILITIES = {
290
303
  title: 'Content-Security-Policy Missing base-uri Directive',
291
304
  description: 'The CSP does not include a base-uri directive, allowing the base URL to be set by injected markup and enabling abuse of relative URL resolution.',
292
305
  severity: 'medium',
306
+ levelId: 3,
293
307
  category: 'configuration',
294
308
  scanner: 'security-headers',
295
309
  cvss: {
@@ -311,6 +325,7 @@ exports.CONFIG_VULNERABILITIES = {
311
325
  title: 'Content-Security-Policy Missing object-src Directive',
312
326
  description: 'The CSP does not include an object-src directive, allowing embedded objects to load from arbitrary origins and weakening defense-in-depth against plugin-based risks.',
313
327
  severity: 'medium',
328
+ levelId: 3,
314
329
  category: 'configuration',
315
330
  scanner: 'security-headers',
316
331
  cvss: {
@@ -332,6 +347,7 @@ exports.CONFIG_VULNERABILITIES = {
332
347
  title: 'Content-Security-Policy Missing frame-ancestors Directive',
333
348
  description: 'The CSP does not include a frame-ancestors directive, leaving pages potentially frameable and vulnerable to clickjacking attacks.',
334
349
  severity: 'medium',
350
+ levelId: 3,
335
351
  category: 'configuration',
336
352
  scanner: 'security-headers',
337
353
  cvss: {
@@ -353,6 +369,7 @@ exports.CONFIG_VULNERABILITIES = {
353
369
  title: 'CORS Misconfiguration',
354
370
  description: 'Cross-Origin Resource Sharing is misconfigured with overly permissive Access-Control-Allow-Origin headers including wildcard (*) with credentials, or dynamic reflection of Origin header without proper validation, enabling cross-origin data theft.',
355
371
  severity: 'high',
372
+ levelId: 2,
356
373
  category: 'configuration',
357
374
  scanner: 'security-headers',
358
375
  cvss: {
@@ -374,6 +391,7 @@ exports.CONFIG_VULNERABILITIES = {
374
391
  title: 'CORS Wildcard With Credentials',
375
392
  description: 'Access-Control-Allow-Origin is set to * while Access-Control-Allow-Credentials is enabled, which browsers block but signals a dangerous CORS policy that can be misapplied in some environments.',
376
393
  severity: 'high',
394
+ levelId: 2,
377
395
  category: 'configuration',
378
396
  scanner: 'security-headers',
379
397
  cvss: {
@@ -395,6 +413,7 @@ exports.CONFIG_VULNERABILITIES = {
395
413
  title: 'CORS Origin Reflection Without Vary',
396
414
  description: 'The Origin header is reflected in Access-Control-Allow-Origin without Vary: Origin, which can lead to cache poisoning and unintended cross-origin access.',
397
415
  severity: 'high',
416
+ levelId: 2,
398
417
  category: 'configuration',
399
418
  scanner: 'security-headers',
400
419
  cvss: {
@@ -416,6 +435,7 @@ exports.CONFIG_VULNERABILITIES = {
416
435
  title: 'CORS Allows Null Origin',
417
436
  description: 'Access-Control-Allow-Origin allows the null origin, enabling requests from opaque origins such as sandboxed iframes and file URLs that can be abused to access sensitive data.',
418
437
  severity: 'high',
438
+ levelId: 2,
419
439
  category: 'configuration',
420
440
  scanner: 'security-headers',
421
441
  cvss: {
@@ -437,6 +457,7 @@ exports.CONFIG_VULNERABILITIES = {
437
457
  title: 'CORS Allows Wildcard Subdomains',
438
458
  description: 'CORS policies allow wildcard subdomains that can be abused if any subdomain is compromised or can be controlled by untrusted parties.',
439
459
  severity: 'high',
460
+ levelId: 2,
440
461
  category: 'configuration',
441
462
  scanner: 'security-headers',
442
463
  cvss: {
@@ -455,12 +476,454 @@ exports.CONFIG_VULNERABILITIES = {
455
476
  // ========================================
456
477
  // DIRECTORY BROWSING
457
478
  // ========================================
479
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC]: {
480
+ id: 2000,
481
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC,
482
+ title: 'Directory Listing Enabled (Generic)',
483
+ description: 'Directory listing is enabled and exposes directory contents to unauthenticated visitors, revealing application structure and file names.',
484
+ severity: 'low',
485
+ levelId: 4,
486
+ category: 'configuration',
487
+ scanner: 'directory-browsing',
488
+ cvss: {
489
+ score: 3.7,
490
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
491
+ severity: 'LOW',
492
+ },
493
+ cwe: [
494
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
495
+ ],
496
+ owasp: [
497
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
498
+ ],
499
+ remediation: 'Disable directory listing in the web server configuration and ensure directories have index files.',
500
+ },
501
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE]: {
502
+ id: 2001,
503
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE,
504
+ title: 'Directory Listing Exposing Sensitive Content (Generic)',
505
+ description: 'Directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
506
+ severity: 'medium',
507
+ levelId: 3,
508
+ category: 'configuration',
509
+ scanner: 'directory-browsing',
510
+ cvss: {
511
+ score: 5.3,
512
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
513
+ severity: 'MEDIUM',
514
+ },
515
+ cwe: [
516
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
517
+ ],
518
+ owasp: [
519
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
520
+ ],
521
+ remediation: 'Disable directory listing and remove sensitive files from web-accessible directories.',
522
+ },
523
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE]: {
524
+ id: 2002,
525
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE,
526
+ title: 'Apache Autoindex Enabled',
527
+ description: 'Apache autoindex is enabled, exposing directory contents to unauthenticated visitors.',
528
+ severity: 'low',
529
+ levelId: 4,
530
+ category: 'configuration',
531
+ scanner: 'directory-browsing',
532
+ cvss: {
533
+ score: 3.7,
534
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
535
+ severity: 'LOW',
536
+ },
537
+ cwe: [
538
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
539
+ ],
540
+ owasp: [
541
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
542
+ ],
543
+ remediation: 'Disable autoindex in Apache (Options -Indexes) and add index files.',
544
+ },
545
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE]: {
546
+ id: 2003,
547
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE,
548
+ title: 'Apache Autoindex Exposing Sensitive Content',
549
+ description: 'Apache autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
550
+ severity: 'medium',
551
+ levelId: 3,
552
+ category: 'configuration',
553
+ scanner: 'directory-browsing',
554
+ cvss: {
555
+ score: 5.3,
556
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
557
+ severity: 'MEDIUM',
558
+ },
559
+ cwe: [
560
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
561
+ ],
562
+ owasp: [
563
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
564
+ ],
565
+ remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
566
+ },
567
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX]: {
568
+ id: 2004,
569
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX,
570
+ title: 'Nginx Autoindex Enabled',
571
+ description: 'Nginx autoindex is enabled, exposing directory contents to unauthenticated visitors.',
572
+ severity: 'low',
573
+ levelId: 4,
574
+ category: 'configuration',
575
+ scanner: 'directory-browsing',
576
+ cvss: {
577
+ score: 3.7,
578
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
579
+ severity: 'LOW',
580
+ },
581
+ cwe: [
582
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
583
+ ],
584
+ owasp: [
585
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
586
+ ],
587
+ remediation: 'Disable autoindex in nginx (autoindex off) and add index files.',
588
+ },
589
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE]: {
590
+ id: 2005,
591
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE,
592
+ title: 'Nginx Autoindex Exposing Sensitive Content',
593
+ description: 'Nginx autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
594
+ severity: 'medium',
595
+ levelId: 3,
596
+ category: 'configuration',
597
+ scanner: 'directory-browsing',
598
+ cvss: {
599
+ score: 5.3,
600
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
601
+ severity: 'MEDIUM',
602
+ },
603
+ cwe: [
604
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
605
+ ],
606
+ owasp: [
607
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
608
+ ],
609
+ remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
610
+ },
611
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS]: {
612
+ id: 2006,
613
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS,
614
+ title: 'IIS Directory Browsing Enabled',
615
+ description: 'IIS directory browsing is enabled, exposing directory contents to unauthenticated visitors.',
616
+ severity: 'low',
617
+ levelId: 4,
618
+ category: 'configuration',
619
+ scanner: 'directory-browsing',
620
+ cvss: {
621
+ score: 3.7,
622
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
623
+ severity: 'LOW',
624
+ },
625
+ cwe: [
626
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
627
+ ],
628
+ owasp: [
629
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
630
+ ],
631
+ remediation: 'Disable directory browsing in IIS and ensure directories have index files.',
632
+ },
633
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE]: {
634
+ id: 2007,
635
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE,
636
+ title: 'IIS Directory Browsing Exposing Sensitive Content',
637
+ description: 'IIS directory browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
638
+ severity: 'medium',
639
+ levelId: 3,
640
+ category: 'configuration',
641
+ scanner: 'directory-browsing',
642
+ cvss: {
643
+ score: 5.3,
644
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
645
+ severity: 'MEDIUM',
646
+ },
647
+ cwe: [
648
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
649
+ ],
650
+ owasp: [
651
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
652
+ ],
653
+ remediation: 'Disable directory browsing and remove sensitive files from web-accessible directories.',
654
+ },
655
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT]: {
656
+ id: 2008,
657
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT,
658
+ title: 'Tomcat Directory Listing Enabled',
659
+ description: 'Tomcat directory listing is enabled, exposing directory contents to unauthenticated visitors.',
660
+ severity: 'low',
661
+ levelId: 4,
662
+ category: 'configuration',
663
+ scanner: 'directory-browsing',
664
+ cvss: {
665
+ score: 3.7,
666
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
667
+ severity: 'LOW',
668
+ },
669
+ cwe: [
670
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
671
+ ],
672
+ owasp: [
673
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
674
+ ],
675
+ remediation: 'Disable directory listings in Tomcat and add index files to web directories.',
676
+ },
677
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE]: {
678
+ id: 2009,
679
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE,
680
+ title: 'Tomcat Directory Listing Exposing Sensitive Content',
681
+ description: 'Tomcat directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
682
+ severity: 'medium',
683
+ levelId: 3,
684
+ category: 'configuration',
685
+ scanner: 'directory-browsing',
686
+ cvss: {
687
+ score: 5.3,
688
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
689
+ severity: 'MEDIUM',
690
+ },
691
+ cwe: [
692
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
693
+ ],
694
+ owasp: [
695
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
696
+ ],
697
+ remediation: 'Disable directory listings and remove sensitive files from web-accessible directories.',
698
+ },
699
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY]: {
700
+ id: 2010,
701
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY,
702
+ title: 'Caddy File Server Browsing Enabled',
703
+ description: 'Caddy file server browsing is enabled, exposing directory contents to unauthenticated visitors.',
704
+ severity: 'low',
705
+ levelId: 4,
706
+ category: 'configuration',
707
+ scanner: 'directory-browsing',
708
+ cvss: {
709
+ score: 3.7,
710
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
711
+ severity: 'LOW',
712
+ },
713
+ cwe: [
714
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
715
+ ],
716
+ owasp: [
717
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
718
+ ],
719
+ remediation: 'Disable file_server browse in Caddy or restrict browsing to trusted users.',
720
+ },
721
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE]: {
722
+ id: 2011,
723
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE,
724
+ title: 'Caddy File Server Browsing Exposing Sensitive Content',
725
+ description: 'Caddy file server browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
726
+ severity: 'medium',
727
+ levelId: 3,
728
+ category: 'configuration',
729
+ scanner: 'directory-browsing',
730
+ cvss: {
731
+ score: 5.3,
732
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
733
+ severity: 'MEDIUM',
734
+ },
735
+ cwe: [
736
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
737
+ ],
738
+ owasp: [
739
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
740
+ ],
741
+ remediation: 'Disable file_server browse and remove sensitive files from web-accessible directories.',
742
+ },
743
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV]: {
744
+ id: 2012,
745
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV,
746
+ title: 'WebDAV Directory Listing Enabled',
747
+ description: 'WebDAV responses expose directory contents, allowing unauthenticated browsing of files and folders.',
748
+ severity: 'low',
749
+ levelId: 4,
750
+ category: 'configuration',
751
+ scanner: 'directory-browsing',
752
+ cvss: {
753
+ score: 3.7,
754
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
755
+ severity: 'LOW',
756
+ },
757
+ cwe: [
758
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
759
+ ],
760
+ owasp: [
761
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
762
+ ],
763
+ remediation: 'Disable unauthenticated WebDAV browsing or restrict access with authentication and authorization.',
764
+ },
765
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE]: {
766
+ id: 2013,
767
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE,
768
+ title: 'WebDAV Directory Listing Exposing Sensitive Content',
769
+ description: 'WebDAV responses expose directories containing sensitive files such as backups, credentials, or configuration artifacts.',
770
+ severity: 'medium',
771
+ levelId: 3,
772
+ category: 'configuration',
773
+ scanner: 'directory-browsing',
774
+ cvss: {
775
+ score: 5.3,
776
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
777
+ severity: 'MEDIUM',
778
+ },
779
+ cwe: [
780
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
781
+ ],
782
+ owasp: [
783
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
784
+ ],
785
+ remediation: 'Disable unauthenticated WebDAV browsing and remove sensitive files from exposed directories.',
786
+ },
787
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3]: {
788
+ id: 2014,
789
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3,
790
+ title: 'S3 Bucket Listing Enabled',
791
+ description: 'An S3 bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
792
+ severity: 'low',
793
+ levelId: 4,
794
+ category: 'configuration',
795
+ scanner: 'directory-browsing',
796
+ cvss: {
797
+ score: 3.7,
798
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
799
+ severity: 'LOW',
800
+ },
801
+ cwe: [
802
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
803
+ ],
804
+ owasp: [
805
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
806
+ ],
807
+ remediation: 'Disable public ListBucket access and restrict bucket policies to authorized principals.',
808
+ },
809
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3_SENSITIVE]: {
810
+ id: 2015,
811
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3_SENSITIVE,
812
+ title: 'S3 Bucket Listing Exposing Sensitive Content',
813
+ description: 'An S3 bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
814
+ severity: 'medium',
815
+ levelId: 3,
816
+ category: 'configuration',
817
+ scanner: 'directory-browsing',
818
+ cvss: {
819
+ score: 5.3,
820
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
821
+ severity: 'MEDIUM',
822
+ },
823
+ cwe: [
824
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
825
+ ],
826
+ owasp: [
827
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
828
+ ],
829
+ remediation: 'Remove public ListBucket access and rotate any exposed credentials or secrets.',
830
+ },
831
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS]: {
832
+ id: 2016,
833
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS,
834
+ title: 'GCS Bucket Listing Enabled',
835
+ description: 'A Google Cloud Storage bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
836
+ severity: 'low',
837
+ levelId: 4,
838
+ category: 'configuration',
839
+ scanner: 'directory-browsing',
840
+ cvss: {
841
+ score: 3.7,
842
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
843
+ severity: 'LOW',
844
+ },
845
+ cwe: [
846
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
847
+ ],
848
+ owasp: [
849
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
850
+ ],
851
+ remediation: 'Restrict bucket IAM policies to authorized principals and disable anonymous listing.',
852
+ },
853
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE]: {
854
+ id: 2017,
855
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE,
856
+ title: 'GCS Bucket Listing Exposing Sensitive Content',
857
+ description: 'A Google Cloud Storage bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
858
+ severity: 'medium',
859
+ levelId: 3,
860
+ category: 'configuration',
861
+ scanner: 'directory-browsing',
862
+ cvss: {
863
+ score: 5.3,
864
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
865
+ severity: 'MEDIUM',
866
+ },
867
+ cwe: [
868
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
869
+ ],
870
+ owasp: [
871
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
872
+ ],
873
+ remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
874
+ },
875
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB]: {
876
+ id: 2018,
877
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB,
878
+ title: 'Azure Blob Container Listing Enabled',
879
+ description: 'An Azure Blob container listing is exposed, allowing unauthenticated enumeration of blob names.',
880
+ severity: 'low',
881
+ levelId: 4,
882
+ category: 'configuration',
883
+ scanner: 'directory-browsing',
884
+ cvss: {
885
+ score: 3.7,
886
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
887
+ severity: 'LOW',
888
+ },
889
+ cwe: [
890
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
891
+ ],
892
+ owasp: [
893
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
894
+ ],
895
+ remediation: 'Disable public container listing and restrict access via SAS tokens or RBAC.',
896
+ },
897
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE]: {
898
+ id: 2019,
899
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE,
900
+ title: 'Azure Blob Container Listing Exposing Sensitive Content',
901
+ description: 'An Azure Blob container listing is exposed and includes sensitive blobs such as backups, credentials, or configuration artifacts.',
902
+ severity: 'medium',
903
+ levelId: 3,
904
+ category: 'configuration',
905
+ scanner: 'directory-browsing',
906
+ cvss: {
907
+ score: 5.3,
908
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
909
+ severity: 'MEDIUM',
910
+ },
911
+ cwe: [
912
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
913
+ ],
914
+ owasp: [
915
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
916
+ ],
917
+ remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
918
+ },
919
+ // Legacy generic codes (keep for backward compatibility)
458
920
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_ENABLED]: {
459
921
  id: 74,
460
922
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_ENABLED,
461
923
  title: 'Directory Listing Enabled',
462
924
  description: 'Web server directory listing is enabled, exposing the contents of directories to anyone who browses to them without an index file. This reveals application structure, backup files, configuration files, and potentially sensitive data to attackers.',
463
925
  severity: 'low',
926
+ levelId: 4,
464
927
  category: 'configuration',
465
928
  scanner: 'directory-browsing',
466
929
  cvss: {
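Review bot: `levelId` is hand-written next to `severity` on every entry added in this hunk (`severity: 'low'` / `levelId: 4` on DIRBROWSE_GENERIC, `'medium'` / `3` on DIRBROWSE_GENERIC_SENSITIVE, and so on through DIRBROWSE_AZURE_BLOB_SENSITIVE), and the same pairing repeats in every other hunk of this file; the mapping looks fixed (critical→1, high→2, medium→3, low→4 across the visible entries), so duplicating it per entry invites the two fields drifting apart as the registry grows. Since this file is a compiled artifact, the fix belongs in the source listed in the diffstat (`package/src/categories/configuration.ts`): declare `const LEVEL_BY_SEVERITY = { critical: 1, high: 2, medium: 3, low: 4 };` once and either derive `levelId` from it or add a test such as `for (const v of Object.values(CONFIG_VULNERABILITIES)) assert.strictEqual(v.levelId, LEVEL_BY_SEVERITY[v.severity]);`. Separately, DIRBROWSE_GENERIC (id 2000) now duplicates the legacy DIRBROWSE_ENABLED (id 74) in scanner, severity and meaning, and the only hint to consumers is the `// Legacy generic codes (keep for backward compatibility)` comment; I would extend it to say whether the scanner still emits the legacy code, e.g. `// Deprecated: superseded by DIRBROWSE_GENERIC (id 2000); retained only so existing consumers keyed on id 74 keep resolving.` The enclosing `exports.CONFIG_VULNERABILITIES` object literal begins and ends outside the hunk.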
@@ -482,6 +945,7 @@ exports.CONFIG_VULNERABILITIES = {
482
945
  title: 'Directory Listing Exposing Sensitive Content',
483
946
  description: 'Directory listing is enabled on a directory containing sensitive files like backups, configuration files, source code, or credentials. This elevates the risk significantly as attackers can directly access sensitive information without guessing filenames.',
484
947
  severity: 'medium',
948
+ levelId: 3,
485
949
  category: 'configuration',
486
950
  scanner: 'directory-browsing',
487
951
  cvss: {
@@ -506,6 +970,7 @@ exports.CONFIG_VULNERABILITIES = {
506
970
  title: 'Clickjacking - Page Frameable',
507
971
  description: 'The application pages can be embedded in iframes on malicious websites, enabling clickjacking attacks where attackers overlay transparent frames over deceptive UI elements to trick users into clicking hidden buttons or links that perform unintended actions.',
508
972
  severity: 'medium',
973
+ levelId: 3,
509
974
  category: 'configuration',
510
975
  scanner: 'security-headers',
511
976
  cvss: {
@@ -530,6 +995,7 @@ exports.CONFIG_VULNERABILITIES = {
530
995
  title: 'Insecure Deserialization - Java',
531
996
  description: 'Critical Java deserialization vulnerability where untrusted serialized objects are processed, allowing attackers to achieve remote code execution through gadget chains in common libraries like Apache Commons Collections, Spring Framework, or other classpath dependencies.',
532
997
  severity: 'critical',
998
+ levelId: 1,
533
999
  category: 'injection',
534
1000
  scanner: 'deserialization',
535
1001
  cvss: {
@@ -551,6 +1017,7 @@ exports.CONFIG_VULNERABILITIES = {
551
1017
  title: 'Insecure Deserialization - PHP',
552
1018
  description: 'Critical PHP deserialization vulnerability where unserialize() processes attacker-controlled data, enabling object injection attacks through magic methods like __wakeup(), __destruct(), or __toString() in application or framework classes for remote code execution.',
553
1019
  severity: 'critical',
1020
+ levelId: 1,
554
1021
  category: 'injection',
555
1022
  scanner: 'deserialization',
556
1023
  cvss: {
@@ -572,6 +1039,7 @@ exports.CONFIG_VULNERABILITIES = {
572
1039
  title: 'Insecure Deserialization - Python',
573
1040
  description: 'Critical Python deserialization vulnerability through pickle/cPickle processing of untrusted data, enabling remote code execution via __reduce__ method exploitation. Python pickle is inherently unsafe and should never process untrusted input.',
574
1041
  severity: 'critical',
1042
+ levelId: 1,
575
1043
  category: 'injection',
576
1044
  scanner: 'deserialization',
577
1045
  cvss: {
@@ -593,6 +1061,7 @@ exports.CONFIG_VULNERABILITIES = {
593
1061
  title: 'Insecure Deserialization - .NET',
594
1062
  description: 'Critical .NET deserialization vulnerability through BinaryFormatter, ObjectStateFormatter, LosFormatter, or other dangerous formatters processing untrusted data, enabling remote code execution through gadget chains in the .NET runtime or third-party libraries.',
595
1063
  severity: 'critical',
1064
+ levelId: 1,
596
1065
  category: 'injection',
597
1066
  scanner: 'deserialization',
598
1067
  cvss: {
@@ -614,6 +1083,7 @@ exports.CONFIG_VULNERABILITIES = {
614
1083
  title: 'Insecure Deserialization - Ruby',
615
1084
  description: 'Critical Ruby deserialization vulnerability through Marshal.load or YAML.load processing untrusted data, enabling remote code execution through Ruby object instantiation gadgets that execute arbitrary code during object reconstruction.',
616
1085
  severity: 'critical',
1086
+ levelId: 1,
617
1087
  category: 'injection',
618
1088
  scanner: 'deserialization',
619
1089
  cvss: {
@@ -635,6 +1105,7 @@ exports.CONFIG_VULNERABILITIES = {
635
1105
  title: 'Insecure Deserialization - Node.js',
636
1106
  description: 'Critical Node.js deserialization vulnerability through node-serialize, funcster, or similar libraries that execute JavaScript during deserialization, enabling remote code execution when attacker-controlled serialized data containing functions or IIFE is processed.',
637
1107
  severity: 'critical',
1108
+ levelId: 1,
638
1109
  category: 'injection',
639
1110
  scanner: 'deserialization',
640
1111
  cvss: {
@@ -656,6 +1127,7 @@ exports.CONFIG_VULNERABILITIES = {
656
1127
  title: 'Clickjacking - Partial Protection',
657
1128
  description: 'Incomplete clickjacking protection where X-Frame-Options or frame-ancestors CSP is only applied on some pages, uses weak values like ALLOW-FROM with bypassable origins, or has inconsistent implementation allowing certain pages to be framed.',
658
1129
  severity: 'low',
1130
+ levelId: 4,
659
1131
  category: 'configuration',
660
1132
  scanner: 'security-headers',
661
1133
  cvss: {
@@ -677,6 +1149,7 @@ exports.CONFIG_VULNERABILITIES = {
677
1149
  title: 'Missing Security Header - X-Content-Type-Options',
678
1150
  description: 'The application does not set X-Content-Type-Options: nosniff header, allowing browsers to perform MIME-type sniffing that can lead to XSS attacks when user-uploaded content is served with incorrect Content-Type and browsers execute it as script.',
679
1151
  severity: 'low',
1152
+ levelId: 4,
680
1153
  category: 'configuration',
681
1154
  scanner: 'security-headers',
682
1155
  cvss: {
@@ -698,6 +1171,7 @@ exports.CONFIG_VULNERABILITIES = {
698
1171
  title: 'Invalid Security Header - X-Content-Type-Options',
699
1172
  description: 'The X-Content-Type-Options header is present but misconfigured (not set to nosniff), which can allow MIME sniffing and reduce protection against content-type confusion.',
700
1173
  severity: 'low',
1174
+ levelId: 4,
701
1175
  category: 'configuration',
702
1176
  scanner: 'security-headers',
703
1177
  cvss: {
@@ -719,6 +1193,7 @@ exports.CONFIG_VULNERABILITIES = {
719
1193
  title: 'Missing Security Header - Referrer-Policy',
720
1194
  description: 'The application does not implement Referrer-Policy header, potentially leaking sensitive URL information including session tokens, user IDs, or query parameters to external sites when users click links or resources are loaded from third-party domains.',
721
1195
  severity: 'low',
1196
+ levelId: 4,
722
1197
  category: 'configuration',
723
1198
  scanner: 'security-headers',
724
1199
  cvss: {
@@ -740,6 +1215,7 @@ exports.CONFIG_VULNERABILITIES = {
740
1215
  title: 'Unsafe Referrer-Policy Configuration',
741
1216
  description: 'The Referrer-Policy header is set to a permissive value that can leak full URLs and sensitive query parameters to external origins.',
742
1217
  severity: 'low',
1218
+ levelId: 4,
743
1219
  category: 'configuration',
744
1220
  scanner: 'security-headers',
745
1221
  cvss: {
@@ -761,6 +1237,7 @@ exports.CONFIG_VULNERABILITIES = {
761
1237
  title: 'Missing Security Header - Permissions-Policy',
762
1238
  description: 'The application does not implement Permissions-Policy (formerly Feature-Policy) header, allowing embedded frames or malicious scripts to access sensitive browser features like camera, microphone, geolocation, or payment APIs without explicit permission.',
763
1239
  severity: 'info',
1240
+ levelId: 5,
764
1241
  category: 'configuration',
765
1242
  scanner: 'security-headers',
766
1243
  cvss: {
@@ -782,6 +1259,7 @@ exports.CONFIG_VULNERABILITIES = {
782
1259
  title: 'Missing Security Header - X-XSS-Protection',
783
1260
  description: 'The legacy X-XSS-Protection header is not set. While deprecated in modern browsers, it can provide defense-in-depth for older browsers that still honor this header for their built-in XSS auditor feature.',
784
1261
  severity: 'info',
1262
+ levelId: 5,
785
1263
  category: 'configuration',
786
1264
  scanner: 'security-headers',
787
1265
  cvss: {
@@ -803,6 +1281,7 @@ exports.CONFIG_VULNERABILITIES = {
803
1281
  title: 'Header Misconfiguration - COEP Without COOP',
804
1282
  description: 'Cross-Origin-Embedder-Policy (COEP) is set without Cross-Origin-Opener-Policy (COOP), which can create inconsistent cross-origin isolation behavior and indicate incomplete or misapplied security header strategy for isolation-sensitive applications.',
805
1283
  severity: 'info',
1284
+ levelId: 5,
806
1285
  category: 'configuration',
807
1286
  scanner: 'security-headers',
808
1287
  cvss: {
@@ -824,6 +1303,7 @@ exports.CONFIG_VULNERABILITIES = {
824
1303
  title: 'Header Misconfiguration - Unusual CORP Value',
825
1304
  description: 'Cross-Origin-Resource-Policy (CORP) is set to a non-standard value, which may indicate a misconfiguration that provides no effective protection or creates unpredictable resource loading behavior across origins.',
826
1305
  severity: 'info',
1306
+ levelId: 5,
827
1307
  category: 'configuration',
828
1308
  scanner: 'security-headers',
829
1309
  cvss: {
@@ -845,6 +1325,7 @@ exports.CONFIG_VULNERABILITIES = {
845
1325
  title: 'Deprecated Header - Expect-CT Present',
846
1326
  description: 'The Expect-CT header is present even though the feature is deprecated and no longer enforced by major browsers, adding unnecessary configuration surface without meaningful security benefit.',
847
1327
  severity: 'info',
1328
+ levelId: 5,
848
1329
  category: 'configuration',
849
1330
  scanner: 'security-headers',
850
1331
  cvss: {
@@ -866,6 +1347,7 @@ exports.CONFIG_VULNERABILITIES = {
866
1347
  title: 'Information Exposure - Server Header Present',
867
1348
  description: 'The Server header reveals technology or version details that can assist attackers with fingerprinting and targeted exploitation, increasing the likelihood of tailored attacks against known software weaknesses.',
868
1349
  severity: 'info',
1350
+ levelId: 5,
869
1351
  category: 'configuration',
870
1352
  scanner: 'security-headers',
871
1353
  cvss: {
@@ -887,6 +1369,7 @@ exports.CONFIG_VULNERABILITIES = {
887
1369
  title: 'Information Exposure - X-Powered-By Present',
888
1370
  description: 'The X-Powered-By header discloses framework or runtime information that can be used to fingerprint the application stack and target known vulnerabilities in specific platforms or versions.',
889
1371
  severity: 'info',
1372
+ levelId: 5,
890
1373
  category: 'configuration',
891
1374
  scanner: 'security-headers',
892
1375
  cvss: {
@@ -908,6 +1391,7 @@ exports.CONFIG_VULNERABILITIES = {
908
1391
  title: 'Deprecated Header - X-XSS-Protection Enabled',
909
1392
  description: 'The X-XSS-Protection header is enabled, which is deprecated and can introduce security risks or inconsistent behavior in legacy browsers due to the removed XSS auditor feature.',
910
1393
  severity: 'low',
1394
+ levelId: 4,
911
1395
  category: 'configuration',
912
1396
  scanner: 'security-headers',
913
1397
  cvss: {
@@ -929,6 +1413,7 @@ exports.CONFIG_VULNERABILITIES = {
929
1413
  title: 'Cookie Misconfiguration - SameSite=None Without Secure',
930
1414
  description: 'A cookie is configured with SameSite=None but lacks the Secure attribute, enabling cross-site transmission over unencrypted connections and undermining cookie integrity and confidentiality controls.',
931
1415
  severity: 'medium',
1416
+ levelId: 3,
932
1417
  category: 'configuration',
933
1418
  scanner: 'security-headers',
934
1419
  cvss: {
@@ -950,6 +1435,7 @@ exports.CONFIG_VULNERABILITIES = {
950
1435
  title: 'Cookie Misconfiguration - Session Cookie Missing Secure',
951
1436
  description: 'Session or authentication cookies are missing the Secure attribute, allowing them to be transmitted over unencrypted connections and increasing the risk of session hijacking or credential theft.',
952
1437
  severity: 'high',
1438
+ levelId: 2,
953
1439
  category: 'configuration',
954
1440
  scanner: 'security-headers',
955
1441
  cvss: {
@@ -971,6 +1457,7 @@ exports.CONFIG_VULNERABILITIES = {
971
1457
  title: 'Cookie Misconfiguration - Missing Secure Attribute',
972
1458
  description: 'Cookies are set without the Secure attribute, permitting transmission over plaintext HTTP and exposing cookie contents to network interception or manipulation.',
973
1459
  severity: 'medium',
1460
+ levelId: 3,
974
1461
  category: 'configuration',
975
1462
  scanner: 'security-headers',
976
1463
  cvss: {
@@ -992,6 +1479,7 @@ exports.CONFIG_VULNERABILITIES = {
992
1479
  title: 'Cookie Misconfiguration - Session Cookie Missing HttpOnly',
993
1480
  description: 'Session or authentication cookies are missing the HttpOnly attribute, allowing client-side scripts to access sensitive cookie values and increasing the impact of XSS attacks.',
994
1481
  severity: 'high',
1482
+ levelId: 2,
995
1483
  category: 'configuration',
996
1484
  scanner: 'security-headers',
997
1485
  cvss: {
@@ -1013,6 +1501,7 @@ exports.CONFIG_VULNERABILITIES = {
1013
1501
  title: 'Cookie Misconfiguration - Missing HttpOnly Attribute',
1014
1502
  description: 'Cookies are missing the HttpOnly attribute, allowing JavaScript access to cookie values and increasing the potential impact of client-side script injection.',
1015
1503
  severity: 'medium',
1504
+ levelId: 3,
1016
1505
  category: 'configuration',
1017
1506
  scanner: 'security-headers',
1018
1507
  cvss: {
@@ -1034,6 +1523,7 @@ exports.CONFIG_VULNERABILITIES = {
1034
1523
  title: 'Cookie Misconfiguration - Missing SameSite Attribute',
1035
1524
  description: 'Cookies do not specify SameSite, which can allow cross-site requests to include cookies by default and increase exposure to CSRF-style attacks or cross-site leakage.',
1036
1525
  severity: 'medium',
1526
+ levelId: 3,
1037
1527
  category: 'configuration',
1038
1528
  scanner: 'security-headers',
1039
1529
  cvss: {
@@ -1055,6 +1545,7 @@ exports.CONFIG_VULNERABILITIES = {
1055
1545
  title: 'Cookie Misconfiguration - __Host- Prefix Violations',
1056
1546
  description: 'Cookies with the __Host- prefix do not meet required attributes (Secure, Path=/, no Domain), weakening the protections provided by host-only cookie semantics.',
1057
1547
  severity: 'medium',
1548
+ levelId: 3,
1058
1549
  category: 'configuration',
1059
1550
  scanner: 'security-headers',
1060
1551
  cvss: {
@@ -1076,6 +1567,7 @@ exports.CONFIG_VULNERABILITIES = {
1076
1567
  title: 'Cookie Misconfiguration - __Secure- Prefix Violations',
1077
1568
  description: 'Cookies with the __Secure- prefix are missing the Secure attribute, which defeats the prefix requirement and weakens transport security protections.',
1078
1569
  severity: 'medium',
1570
+ levelId: 3,
1079
1571
  category: 'configuration',
1080
1572
  scanner: 'security-headers',
1081
1573
  cvss: {
@@ -1097,6 +1589,7 @@ exports.CONFIG_VULNERABILITIES = {
1097
1589
  title: 'Header Drift - Content-Security-Policy Inconsistent',
1098
1590
  description: 'Content-Security-Policy is present on some paths but missing on others, creating uneven defenses and potentially exposing unprotected routes to script injection or content loading risks.',
1099
1591
  severity: 'low',
1592
+ levelId: 4,
1100
1593
  category: 'configuration',
1101
1594
  scanner: 'security-headers',
1102
1595
  cvss: {
@@ -1118,6 +1611,7 @@ exports.CONFIG_VULNERABILITIES = {
1118
1611
  title: 'Header Drift - Strict-Transport-Security Inconsistent',
1119
1612
  description: 'Strict-Transport-Security is present on some paths but missing on others, reducing the effectiveness of HTTPS enforcement and creating mixed transport behavior across the site.',
1120
1613
  severity: 'low',
1614
+ levelId: 4,
1121
1615
  category: 'configuration',
1122
1616
  scanner: 'security-headers',
1123
1617
  cvss: {
@@ -1139,6 +1633,7 @@ exports.CONFIG_VULNERABILITIES = {
1139
1633
  title: 'Header Drift - X-Content-Type-Options Inconsistent',
1140
1634
  description: 'X-Content-Type-Options is present on some paths but missing on others, allowing inconsistent MIME sniffing behavior that could expose unprotected routes to content-type confusion.',
1141
1635
  severity: 'low',
1636
+ levelId: 4,
1142
1637
  category: 'configuration',
1143
1638
  scanner: 'security-headers',
1144
1639
  cvss: {
@@ -1160,6 +1655,7 @@ exports.CONFIG_VULNERABILITIES = {
1160
1655
  title: 'Header Drift - Referrer-Policy Inconsistent',
1161
1656
  description: 'Referrer-Policy is present on some paths but missing on others, leading to inconsistent referrer leakage controls and potential exposure of sensitive URL data.',
1162
1657
  severity: 'low',
1658
+ levelId: 4,
1163
1659
  category: 'configuration',
1164
1660
  scanner: 'security-headers',
1165
1661
  cvss: {
@@ -1181,6 +1677,7 @@ exports.CONFIG_VULNERABILITIES = {
1181
1677
  title: 'Header Drift - X-Frame-Options Inconsistent',
1182
1678
  description: 'X-Frame-Options or equivalent framing controls are present on some paths but missing on others, creating uneven clickjacking protection across the site.',
1183
1679
  severity: 'low',
1680
+ levelId: 4,
1184
1681
  category: 'configuration',
1185
1682
  scanner: 'security-headers',
1186
1683
  cvss: {
@@ -1202,6 +1699,7 @@ exports.CONFIG_VULNERABILITIES = {
1202
1699
  title: 'Header Drift - Permissions-Policy Inconsistent',
1203
1700
  description: 'Permissions-Policy is present on some paths but missing on others, leading to inconsistent controls over browser features such as geolocation, camera, or microphone.',
1204
1701
  severity: 'low',
1702
+ levelId: 4,
1205
1703
  category: 'configuration',
1206
1704
  scanner: 'security-headers',
1207
1705
  cvss: {
@@ -1223,6 +1721,7 @@ exports.CONFIG_VULNERABILITIES = {
1223
1721
  title: 'Header Drift - COOP Inconsistent',
1224
1722
  description: 'Cross-Origin-Opener-Policy is present on some paths but missing on others, which can lead to uneven cross-origin isolation guarantees and inconsistent window isolation behavior.',
1225
1723
  severity: 'low',
1724
+ levelId: 4,
1226
1725
  category: 'configuration',
1227
1726
  scanner: 'security-headers',
1228
1727
  cvss: {
@@ -1244,6 +1743,7 @@ exports.CONFIG_VULNERABILITIES = {
1244
1743
  title: 'Header Drift - COEP Inconsistent',
1245
1744
  description: 'Cross-Origin-Embedder-Policy is present on some paths but missing on others, resulting in inconsistent embedding restrictions and cross-origin isolation posture.',
1246
1745
  severity: 'low',
1746
+ levelId: 4,
1247
1747
  category: 'configuration',
1248
1748
  scanner: 'security-headers',
1249
1749
  cvss: {
@@ -1265,6 +1765,7 @@ exports.CONFIG_VULNERABILITIES = {
1265
1765
  title: 'Header Drift - CORP Inconsistent',
1266
1766
  description: 'Cross-Origin-Resource-Policy is present on some paths but missing on others, which can leave inconsistent controls on resource sharing and embedding across the application.',
1267
1767
  severity: 'low',
1768
+ levelId: 4,
1268
1769
  category: 'configuration',
1269
1770
  scanner: 'security-headers',
1270
1771
  cvss: {