HPE Security WebInspect

Alert View
Web Application Assessment Report

Scan Name: Site: http://zero.webappsecurity.com/
Policy: Standard
Scan Date: 10/10/2016 1:19:47 PM
Scan Version: 16.10.463.10
Scan Type: Site

Crawl Sessions: 437
Vulnerabilities: 104
Scan Duration: 21 minutes : 27 seconds
Client: FF

Server: http://zero.webappsecurity.com:80

Critical
Poor Error Handling: Unhandled Exception
Page:

http://zero.webappsecurity.com:80/account/

Cross-Site Scripting: Reflected


Page:

http://zero.webappsecurity.com:80/faq.html?question=1%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%37%34%38%36%37%29%3c%2f%73%43%72%49%70%54%3e

Page:

http://zero.webappsecurity.com:80/search.html?searchTerm=12345%3c%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3e%61%6c%65%72%74%28%32%31%37%38%38%29%3c%2f%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3e

Cross-Site Scripting: Reflected


Page:

http://zero.webappsecurity.com:80/sendFeedback.html

Privacy Violation: Social Security Number


Page:

http://zero.webappsecurity.com:80/admin/users.html

High
Web Server Misconfiguration: Unprotected File
Page:

http://zero.webappsecurity.com:80/server-status

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/faq.html.bak

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/index.html.old

Report Date: 10/10/2016

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/debug.txt

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/index.old

Insecure Transport
Page:

http://zero.webappsecurity.com:80/login.html

Page:

http://zero.webappsecurity.com:80/forgot-password.html

Web Server Misconfiguration: HTTP Basic Authentication


Page:

http://zero.webappsecurity.com:80/manager/html

Often Misused: Login


Page:

http://zero.webappsecurity.com:80/forgot-password.html

Page:

http://zero.webappsecurity.com:80/login.html

Cross-Frame Scripting
Page:

http://zero.webappsecurity.com:80/login.html

Expression Language Injection


Page:

http://zero.webappsecurity.com:80/search.html?searchTerm=${5914%2b2593}

Medium
Web Server Misconfiguration: Directory Listing
Page:

http://zero.webappsecurity.com:80/errors/

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/admin/WS_FTP.LOG

Cross-Site Scripting: Reflected


Page:

http://zero.webappsecurity.com:80/forgotten-password-send.html

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/include/common.inc

Insecure Deployment: Unpatched Application


Page:

http://zero.webappsecurity.com:80/

Cross-Frame Scripting
Page:

http://zero.webappsecurity.com:80/

Low
Poor Error Handling: Unhandled Exception
Page:

http://zero.webappsecurity.com:80/docs/virtual-hosting-howto.html

Page:

http://zero.webappsecurity.com:80/docs/security-howto.html

Page:

http://zero.webappsecurity.com:80/docs/class-loader-howto.html

Page:

http://zero.webappsecurity.com:80/docs/realm-howto.html

Page:

http://zero.webappsecurity.com:80/docs/manager-howto.html

Page:

http://zero.webappsecurity.com:80/docs/setup.html

Page:

http://zero.webappsecurity.com:80/docs/security-manager-howto.html

Page:

http://zero.webappsecurity.com:80/docs/ssl-howto.html

Page:

http://zero.webappsecurity.com:80/docs/config/listeners.html

Page:

http://zero.webappsecurity.com:80/docs/config/context.html

Page:

http://zero.webappsecurity.com:80/docs/jasper-howto.html

Page:

http://zero.webappsecurity.com:80/docs/appdev/processes.html

Page:

http://zero.webappsecurity.com:80/docs/logging.html

Page:

http://zero.webappsecurity.com:80/docs/monitoring.html

Page:

http://zero.webappsecurity.com:80/docs/cluster-howto.html

Page:

http://zero.webappsecurity.com:80/docs/building.html

Page:

http://zero.webappsecurity.com:80/docs/config/resources.html

Page:

http://zero.webappsecurity.com:80/docs/changelog.html

Page:

http://zero.webappsecurity.com:80/docs/windows-auth-howto.html

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/docs/ssi-howto.html

System Information Leak: Internal IP


Page:

http://zero.webappsecurity.com:80/errors/errors.log

Page:

http://zero.webappsecurity.com:80/docs/monitoring.html

Page:

http://zero.webappsecurity.com:80/admin/WS_FTP.LOG

Page:

http://zero.webappsecurity.com:80/docs/config/filter.html

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/manager/html

Page:

http://zero.webappsecurity.com:80/admin/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/backup/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/scripts/

Page:

http://zero.webappsecurity.com:80/cgi-bin/

Page:

http://zero.webappsecurity.com:80/htbin/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/include/

Page:

http://zero.webappsecurity.com:80/errors/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/db/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/testing/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/docs/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/stats/

Page:

http://zero.webappsecurity.com:80/error_log/

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/user/

Web Server Misconfiguration: Unprotected File


Page:

http://zero.webappsecurity.com:80/README.txt

Poor Error Handling: Unhandled Exception


Page:

http://zero.webappsecurity.com:80/docs/building.html

Page:

http://zero.webappsecurity.com:80/docs/config/host.html

Page:

http://zero.webappsecurity.com:80/docs/windows-service-howto.html

Page:

http://zero.webappsecurity.com:80/admin/WS_FTP.LOG

Page:

http://zero.webappsecurity.com:80/docs/windows-auth-howto.html

Page:

http://zero.webappsecurity.com:80/docs/html-manager-howto.html

Web Server Misconfiguration: Unprotected Directory


Page:

http://zero.webappsecurity.com:80/admin/

System Information Leak: LDAP Query


Page:

http://zero.webappsecurity.com:80/docs/realm-howto.html

Page:

http://zero.webappsecurity.com:80/docs/config/listeners.html

Poor Error Handling: Server Error Message


Page:

http://zero.webappsecurity.com:80/account/

Page:

http://zero.webappsecurity.com:80/<script>alert('TRACK');</script>

HTML5: Overly Permissive CORS Policy


Page:

http://zero.webappsecurity.com:80/docs/funcspecs/index.html

Page:

http://zero.webappsecurity.com:80/docs/servletapi/index.html

Page:

http://zero.webappsecurity.com:80/docs/websocketapi/

Page:

http://zero.webappsecurity.com:80/docs/appdev/sample/

Page:

http://zero.webappsecurity.com:80/errors/errors.log

Page:

http://zero.webappsecurity.com:80/docs/appdev/sample/sample.war

Page:

http://zero.webappsecurity.com:80/docs/appdev/sample/sample.war

Page:

http://zero.webappsecurity.com:80/docs/tribes/introduction.html

Page:

http://zero.webappsecurity.com:80/docs/jspapi/

Page:

http://zero.webappsecurity.com:80/docs/servletapi/

Page:

http://zero.webappsecurity.com:80/docs/websocketapi/index.html

Page:

http://zero.webappsecurity.com:80/docs/architecture/index.html

Page:

http://zero.webappsecurity.com:80/docs/appdev/

Page:

http://zero.webappsecurity.com:80/docs/config/

Page:

http://zero.webappsecurity.com:80/search.html?searchTerm=12345

Page:

http://zero.webappsecurity.com:80/resources/js/placeholders.min.js

Page:

http://zero.webappsecurity.com:80/docs/config/index.html

Page:

http://zero.webappsecurity.com:80/bank/pay-bills.html

Page:

http://zero.webappsecurity.com:80/docs/elapi/index.html

Page:

http://zero.webappsecurity.com:80/docs/appdev/index.html

Page:

http://zero.webappsecurity.com:80/bank/

Page:

http://zero.webappsecurity.com:80/docs/api/index.html

Page:

http://zero.webappsecurity.com:80/docs/elapi/

Page:

http://zero.webappsecurity.com:80/docs/funcspecs/

Page:

http://zero.webappsecurity.com:80/docs/manager-howto.html

Page:

http://zero.webappsecurity.com:80/docs/api/

Page:

http://zero.webappsecurity.com:80/docs/jspapi/index.html

Page:

http://zero.webappsecurity.com:80/admin/index.html

Page:

http://zero.webappsecurity.com:80/

Page:

http://zero.webappsecurity.com:80/docs/architecture/

Web Server Misconfiguration: Insecure Content-Type Setting


Page:

http://zero.webappsecurity.com:80/docs/appdev/sample/sample.war

Page:

http://zero.webappsecurity.com:80/errors/errors.log

Informational
Insecure Deployment: Known Application Fingerprint
Page:

http://zero.webappsecurity.com:80/admin/index.html

Web Server Misconfiguration: OPTIONS HTTP Method


Page:

http://zero.webappsecurity.com:80/

Best Practice
Compliance Failure: Missing Privacy Policy
Page:

http://zero.webappsecurity.com:80/

Privacy Violation: Autocomplete


Page:

http://zero.webappsecurity.com:80/

Page:

http://zero.webappsecurity.com:80/admin/currencies-add.html

Page:

http://zero.webappsecurity.com:80/online-banking.html

Page:

http://zero.webappsecurity.com:80/admin/currencies.html

Page:

http://zero.webappsecurity.com:80/admin/index.html

Page:

http://zero.webappsecurity.com:80/index.html

Page:

http://zero.webappsecurity.com:80/admin/users.html

Page:

http://zero.webappsecurity.com:80/search.html?searchTerm=12345

Page:

http://zero.webappsecurity.com:80/sendFeedback.html

Page:

http://zero.webappsecurity.com:80/admin/

Page:

http://zero.webappsecurity.com:80/feedback.html

HTML5: CORS Functionality Abuse


Page:

http://zero.webappsecurity.com:80/resources/js/placeholders.min.js

Web Server Misconfiguration: Insecure Content-Type Setting


Page:

http://zero.webappsecurity.com:80/docs/appdev/sample/
