CVS Repository Detected
The web server on the remote host allows read access to files within a 'CVSROOT' directory exposing files tracked inside. This potential flaw can be used to access content from the web server that might otherwise be private & permit download of the source code of listed pages hosted on the remote...
CVS Entries Detected
The web server on the remote host allows read access to files within a 'CVS' directory exposing files tracked inside. This potential flaw can be used to access content from the web server that might otherwise be private.
SVN Repository Detected
The web server on the remote host allows read access to files within a '.svn' directory exposing files tracked inside. This potential flaw can be used to access content from the web server that might otherwise be private & permit download of the source code of listed pages hosted on the remote...
Invalid Subresource Integrity
Subresource Integrity (SRI) is a web security standard that enables browsers to verify that resources hosted by third parties (a CDN, for example) are delivered without unexpected manipulation. SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag like scrip...
Missing 'Content-Type' Header
The Content-Type header allows clients to find an appropriate way to render data; omission of this header can facilitate MIME sniffing attacks.
Missing Subresource Integrity
Subresource Integrity (SRI) is a web security standard that enables browsers to verify that resources hosted by third parties (a CDN, for example) are delivered without unexpected manipulation. SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag like scrip...
.DS_Store File Detected
The web server on the remote host allows read access to an OSX .DS_Store file. This potential flaw can be used to access content from the web server that might otherwise be private.
Magento Connect Manager Detected
Magento Connect Manager has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.
Apache .htaccess and .htpasswd Disclosure
The Apache server does not properly restrict access to .htaccess and/or .htpasswd files. A remote unauthenticated attacker can download these files and potentially uncover important information.
Host Header Injection
When creating URIs for links in web applications, developers often resort to the HTTP Host header available in the HTTP request sent by the client. A remote attacker can exploit this by sending a fake header with a domain name under his control, allowing him to poison web-cache or password reset email...
PHP 5.6.x < 5.6.33 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version numbe...
Basic Authentication Without HTTPS
The remote web server contains web pages that are protected by 'Basic' authentication over cleartext. An attacker eavesdropping the traffic might obtain logins and passwords of valid users.
Missing 'Expect-CT' Header (deprecated)
The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. This URL is flagged as a specific example. The Expect-CT will likely become obsolete in June...
Error Message
An error or warning message has been found on the remote web server. It may be possible for an attacker to view sensitive information and conduct further attacks.
Gitignore File Detected
The web server on the remote host contains gitignore configuration files. This potential flaw can be used to access content from the web server that might otherwise be private.
PHP error_log File Detected
An information disclosure vulnerability exists in the remote web server due to the disclosure of the error_log file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive information.
Environment Configuration File Detected
An environment configuration file (.env) has been detected on the web application by the scanner. It may be possible for an attacker to view sensitive information (database login and password or API keys, for example) and then conduct further attacks.
Missing Referrer Policy
Referrer Policy provides mechanisms for websites to restrict the referrer information that browsers are allowed to add in the Referer header. No Referrer Policy header or meta tag configuration has been detected.
Missing Permissions Policy
Permissions Policy provides mechanisms for websites to restrict the use of browser features in their own frame and in iframes that they embed.
Apache Tomcat Manager Detected
Apache Tomcat Manager has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.