WAS Checkpoint Https 10 162 0 199


Web Application Scanning Detailed Scan

Export: Checkpoint
March 24, 2023 at 14:51 (UTC)

telefonica.com-5142

Confidential: The following report contains sensitive security information about the organization’s IT infrastructure. Refer to your company’s policy regarding data classification and handling of sensitive information.

Table of Contents

Scan Summary .... 4
Scan Notes .... 5
Scan Results .... 6
SSL/TLS Forward Secrecy Cipher Suites Not Supported .... 7
SSL/TLS Forward Secrecy Cipher Suites Not Supported Instances (1) .... 8
SSL/TLS Self-Signed Certificate .... 9
SSL/TLS Self-Signed Certificate Instances (1) .... 10
SSL/TLS Certificate Common Name Mismatch .... 11
SSL/TLS Certificate Common Name Mismatch Instances (1) .... 12
Cookie Without HttpOnly Flag Detected .... 13
Cookie Without HttpOnly Flag Detected Instances (1) .... 14
Cookie Without Secure Flag Detected .... 15
Cookie Without Secure Flag Detected Instances (1) .... 16
HTTP Header Information Disclosure .... 17
HTTP Header Information Disclosure Instances (1) .... 18
Missing 'X-Content-Type-Options' Header .... 19
Missing 'X-Content-Type-Options' Header Instances (1) .... 20
SSL/TLS Weak Cipher Suites Supported .... 21
SSL/TLS Weak Cipher Suites Supported Instances (1) .... 22
Missing Content Security Policy .... 23
Missing Content Security Policy Instances (1) .... 24
Missing 'Cache-Control' Header .... 25
Missing 'Cache-Control' Header Instances (1) .... 26
SSL/TLS Certificate Lifetime Greater Than 398 Days .... 27
SSL/TLS Certificate Lifetime Greater Than 398 Days Instances (1) .... 28
Login Form Cross-Site Request Forgery .... 29
Login Form Cross-Site Request Forgery Instances (1) .... 31
Cookie Without SameSite Flag Detected .... 32
Cookie Without SameSite Flag Detected Instances (2) .... 34
Scan Information .... 36
Scan Information Instances (1) .... 37
Web Application Sitemap .... 38
Web Application Sitemap Instances (1) .... 40
Network Timeout Encountered .... 41
Network Timeout Encountered Instances (1) .... 42
Login Form Detected .... 43
Login Form Detected Instances (1) .... 44
Allowed HTTP Methods .... 45
Allowed HTTP Methods Instances (1) .... 46
Interesting Response .... 47
Interesting Response Instances (1) .... 48
Cookies Collected .... 49
Cookies Collected Instances (1) .... 51
Target Information .... 52
Target Information Instances (1) .... 53
Screenshot .... 54
Screenshot Instances (1) .... 55

Web Application Scanning Detailed Scan Export: Checkpoint Page 2 of 84


Form Detected .... 56
Form Detected Instances (1) .... 57
Missing Permissions Policy .... 58
Missing Permissions Policy Instances (1) .... 59
Missing Referrer Policy .... 60
Missing Referrer Policy Instances (1) .... 61
Missing 'Expect-CT' Header .... 62
Missing 'Expect-CT' Header Instances (1) .... 63
SSL/TLS Certificate Information .... 64
SSL/TLS Certificate Information Instances (1) .... 65
Missing 'X-XSS-Protection' Header .... 66
Missing 'X-XSS-Protection' Header Instances (1) .... 67
SSL/TLS Versions Supported .... 68
SSL/TLS Versions Supported Instances (1) .... 69
HTTP Strict Transport Security Policy Detected .... 70
HTTP Strict Transport Security Policy Detected Instances (1) .... 72
SSL/TLS Server Cipher Suite Preference Not Detected .... 73
SSL/TLS Server Cipher Suite Preference Not Detected Instances (1) .... 74
Allowed HTTP Versions .... 75
Allowed HTTP Versions Instances (1) .... 76
TLS Web Server Authentication Extension Not Supported .... 77
TLS Web Server Authentication Extension Not Supported Instances (1) .... 78
Security.txt File Not Detected .... 79
Security.txt File Not Detected Instances (1) .... 80
Performance Telemetry .... 81
Performance Telemetry Instances (1) .... 82
SSL/TLS Cipher Suites Supported .... 83
SSL/TLS Cipher Suites Supported Instances (1) .... 84



Scan Summary

Vulnerability Breakdown

CRITICAL 0

HIGH 0

MEDIUM 3

LOW 11

Scan Details

NAME Checkpoint

STATUS Completed

CREATE TIME 03/24/2023 at 01:48 PM UTC

START TIME 03/24/2023 at 01:48 PM UTC

END TIME 03/24/2023 at 02:25 PM UTC

TEMPLATE Scan

SCANNER Scanner

TARGET https://10.162.0.199

DESCRIPTION -



Scan Notes

SEVERITY Info

SCAN NOTE Authentication Detected

DESCRIPTION The scanner has identified an authentication mechanism which could prevent it from accessing application pages.



Scan Results
Vulnerabilities

Severity Plugin Id Name Family Instances


Medium 112495 SSL/TLS Self-Signed Certificate SSL/TLS 1
Medium 112541 SSL/TLS Certificate Common Name Mismatch SSL/TLS 1
Medium 98617 SSL/TLS Forward Secrecy Cipher Suites Not Supported SSL/TLS 1
Low 115540 Cookie Without SameSite Flag Detected Web Applications 2
Low 98063 Cookie Without HttpOnly Flag Detected Web Applications 1
Low 112551 Missing Content Security Policy HTTP Security Header 1
Low 112553 Missing 'Cache-Control' Header HTTP Security Header 1
Low 112563 SSL/TLS Certificate Lifetime Greater Than 398 Days SSL/TLS 1
Low 113332 Login Form Cross-Site Request Forgery Cross Site Request Forgery 1
Low 112539 SSL/TLS Weak Cipher Suites Supported SSL/TLS 1
Low 98064 Cookie Without Secure Flag Detected Web Applications 1
Low 98618 HTTP Header Information Disclosure HTTP Security Header 1
Low 112529 Missing 'X-Content-Type-Options' Header HTTP Security Header 1



SSL/TLS Forward Secrecy Cipher Suites Not Supported
VULNERABILITY MEDIUM PLUGIN ID 98617

Description

The remote host supports the use of SSL/TLS cipher suites that do not offer forward secrecy (FS), also known as perfect
forward secrecy (PFS). Forward secrecy provides assurance that session keys will not be compromised even if the server's
private key is compromised.

Solution

Reconfigure the affected server to enable cipher suites providing forward secrecy (ECDHE or DHE based cipher suites).

See Also
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Plugin Details

PUBLICATION DATE 2019-06-12T00:00:00+00:00


MODIFICATION DATE 2022-11-10T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Medium
PLUGIN ID 98617

Risk Information

CVSSV3 BASE SCORE 6.5


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS BASE SCORE 5.8
CVSS VECTOR CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Reference Information

CWE 327
WASC Insufficient Transport Layer Protection
OWASP 2010-A9, 2013-A6, 2017-A3, 2021-A2, 2019-API7
CVE -
BID -



SSL/TLS Forward Secrecy Cipher Suites Not Supported Instances (1)
VULNERABILITY MEDIUM PLUGIN ID 98617

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Protocol Cipher Suite Name (RFC) Key Exchange Strength
-------------------------------------------------------------------------
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_ARIA_128_GCM_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_ARIA_256_GCM_SHA384 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CCM RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CCM RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CCM_8 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CCM_8 RSA 2048



SSL/TLS Self-Signed Certificate
VULNERABILITY MEDIUM PLUGIN ID 112495

Description

The remote server presents a self-signed SSL/TLS certificate, i.e. one not signed by a recognized certificate authority. If the
remote host is a public host in production, this nullifies the protection offered by SSL/TLS, as anyone could establish a
man-in-the-middle attack against the remote host.

Solution

Purchase or generate a new SSL/TLS certificate to replace the existing one.

See Also

Plugin Details

PUBLICATION DATE 2018-11-23T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Medium
PLUGIN ID 112495

Risk Information

CVSSV3 BASE SCORE 6.5


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS BASE SCORE 6.4
CVSS VECTOR CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Reference Information

CWE 295
WASC Insufficient Authorization
OWASP 2010-A7, 2021-A7, 2013-A6, 2017-A3, 2019-API7
CVE -
BID -



SSL/TLS Self-Signed Certificate Instances (1)
VULNERABILITY MEDIUM PLUGIN ID 112495

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Certificate #1
--------------
Common Name:
Issuer: false
Valid from: 2022-07-27 17:22:14 UTC
Valid until: 2032-07-26 17:22:14 UTC (expires in 9 years, 4 months, 3 days)
Validity Period: 3652 days
Key: RSA 2048-bit
Signature: sha256WithRSAEncryption



SSL/TLS Certificate Common Name Mismatch
VULNERABILITY MEDIUM PLUGIN ID 112541

Description

The remote server presents an SSL/TLS certificate for which neither the Common Name nor the Subject Alternative Name
matches the server's hostname.

Solution

Purchase or generate a new SSL/TLS certificate with the right Common Name or Subject Alternative Name to replace the
existing one.

See Also

Plugin Details

PUBLICATION DATE 2019-02-05T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Medium
PLUGIN ID 112541

Risk Information

CVSSV3 BASE SCORE 5.3


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS BASE SCORE 5.0
CVSS VECTOR CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Reference Information

CWE 297
WASC Insufficient Transport Layer Protection
OWASP 2021-A7, 2010-A9, 2013-A6, 2017-A3, 2019-API7
CVE -
BID -



SSL/TLS Certificate Common Name Mismatch Instances (1)
VULNERABILITY MEDIUM PLUGIN ID 112541

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Certificate #1
--------------
Common Name:
Issuer: false
Valid from: 2022-07-27 17:22:14 UTC
Valid until: 2032-07-26 17:22:14 UTC (expires in 9 years, 4 months, 3 days)
Validity Period: 3652 days
Key: RSA 2048-bit
Signature: sha256WithRSAEncryption



Cookie Without HttpOnly Flag Detected
VULNERABILITY LOW PLUGIN ID 98063

Description

The HttpOnly flag prevents client-side scripts (such as JavaScript) from accessing and using the cookie.

This can help prevent XSS attacks from targeting the cookies holding the client's session token (setting the HttpOnly flag
does not prevent, nor safeguard against, XSS vulnerabilities themselves).

Solution

The initial step to remedy this would be to determine whether any client-side scripts (such as JavaScript) need to access the
cookie and, if not, set the HttpOnly flag.
It should be noted that some older browsers do not support the HttpOnly flag; therefore, setting this flag will not
protect those clients against this form of attack.

See Also
https://www.owasp.org/index.php/HttpOnly

Plugin Details

PUBLICATION DATE 2017-03-31T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY Web Applications
SEVERITY Low
PLUGIN ID 98063

Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 1004
WASC Application Misconfiguration
OWASP 2010-A9, 2013-A6, 2017-A3, 2021-A5
CVE -
BID -



Cookie Without HttpOnly Flag Detected Instances (1)
VULNERABILITY LOW PLUGIN ID 98063

INSTANCE

https://10.162.0.199/

INPUT TYPE cookie


INPUT NAME cookieName

Identification
PROOF
cookieName=cookievalue; Path=/

OUTPUT
The scanner detected a cookie named 'cookieName' that does not set the HttpOnly flag.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:04 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html



Cookie Without Secure Flag Detected
VULNERABILITY LOW PLUGIN ID 98064

Description

When the `secure` flag is set on a cookie, the browser will prevent it from being sent over a clear text channel (HTTP) and
only allow it to be sent when an encrypted channel is used (HTTPS).

The scanner discovered that a cookie was set by the server without the secure flag being set. Although the initial setting of
this cookie was via an HTTPS connection, any HTTP link to the same server will result in the cookie being sent in clear text.

Note that if the cookie does not contain sensitive information, the risk of this vulnerability is mitigated.

Solution

If the cookie contains sensitive information, then the server should ensure that the cookie has the `secure` flag set.

See Also
https://www.owasp.org/index.php/SecureFlag

Plugin Details

PUBLICATION DATE 2017-03-31T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY Web Applications
SEVERITY Low
PLUGIN ID 98064

Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 614
WASC Insufficient Transport Layer Protection
OWASP 2010-A9, 2013-A6, 2017-A3, 2021-A5
CVE -
BID -



Cookie Without Secure Flag Detected Instances (1)
VULNERABILITY LOW PLUGIN ID 98064

INSTANCE

https://10.162.0.199/

INPUT TYPE cookie


INPUT NAME cookieName

Identification
PROOF
Set-Cookie: cookieName=cookievalue; Path=/

OUTPUT
The scanner detected a cookie named 'cookieName' without the Secure flag set.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:04 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html



HTTP Header Information Disclosure
VULNERABILITY LOW PLUGIN ID 98618

Description

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version
and technologies used by the web server.

Solution

Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
http://projects.webappsec.org/w/page/13246925/Fingerprinting

Plugin Details

PUBLICATION DATE 2019-06-12T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Low
PLUGIN ID 98618

Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 200
WASC Information Leakage
OWASP 2017-A6, 2021-A1, 2013-A5, 2010-A6, 2019-API7
CVE -
BID -



HTTP Header Information Disclosure Instances (1)
VULNERABILITY LOW PLUGIN ID 98618

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
The following header information disclosures have been detected on https://10.162.0.199/:

- Server: CPWS

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html



Missing 'X-Content-Type-Options' Header
VULNERABILITY LOW PLUGIN ID 112529

Description

The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a response away from the
declared content-type.

The server did not return a correct 'X-Content-Type-Options' header, which means that this website could be at risk of a
Cross-Site Scripting (XSS) attack.

Solution

Configure your web server to include an 'X-Content-Type-Options' header with a value of 'nosniff'.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto

Plugin Details

PUBLICATION DATE 2018-11-28T00:00:00+00:00


MODIFICATION DATE 2023-02-10T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Low
PLUGIN ID 112529

Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 693
WASC Application Misconfiguration
OWASP 2010-A6, 2013-A5, 2017-A6, 2019-API7
CVE -
BID -



Missing 'X-Content-Type-Options' Header Instances (1)
VULNERABILITY LOW PLUGIN ID 112529

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
The scanner detected the lack of a correct X-Content-Type-Options header configuration in the target application response.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html



SSL/TLS Weak Cipher Suites Supported
VULNERABILITY LOW PLUGIN ID 112539

Description

The remote host supports the use of SSL/TLS ciphers that offer weak encryption (including RC4 and 3DES encryption).

Solution

Reconfigure the affected application, if possible, to avoid the use of weak ciphers.

See Also
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Plugin Details

PUBLICATION DATE 2019-01-21T00:00:00+00:00


MODIFICATION DATE 2022-10-07T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Low
PLUGIN ID 112539

Risk Information

CVSSV3 BASE SCORE 3.7


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 326
WASC Application Misconfiguration
OWASP 2010-A7, 2013-A6, 2017-A3, 2021-A2, 2019-API7
CVE -
BID -



SSL/TLS Weak Cipher Suites Supported Instances (1)
VULNERABILITY LOW PLUGIN ID 112539

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Protocol Cipher Suite Name (RFC) Key Exchange Strength
-------------------------------------------------------------------------------
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE_RSA 2048
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 x25519 256
TLS1.2 TLS_RSA_WITH_AES_128_CCM RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CCM RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CCM_8 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CCM_8 RSA 2048



Missing Content Security Policy
VULNERABILITY LOW PLUGIN ID 112551

Description

Content Security Policy (CSP) is a web security standard that helps to mitigate attacks like cross-site scripting (XSS),
clickjacking or mixed content issues. CSP provides mechanisms to websites to restrict content that browsers will be allowed
to load.

No CSP header has been detected on this host. This URL is flagged as a specific example.

Solution

Configure Content Security Policy on your website by adding a 'Content-Security-Policy' HTTP header or a meta tag with
http-equiv='Content-Security-Policy'.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://csp-evaluator.withgoogle.com/
https://content-security-policy.com/
https://developers.google.com/web/fundamentals/security/csp/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Plugin Details

PUBLICATION DATE 2019-02-14T00:00:00+00:00


MODIFICATION DATE 2023-01-17T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Low
PLUGIN ID 112551

Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 1021
WASC Application Misconfiguration
OWASP 2017-A6, 2021-A4, 2013-A5, 2010-A6, 2019-API7
CVE -
BID -



Missing Content Security Policy Instances (1)
VULNERABILITY LOW PLUGIN ID 112551

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
https://10.162.0.199/ has no Content Security Policy defined.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


Missing 'Cache-Control' Header
VULNERABILITY LOW PLUGIN ID 112553

Description

The HTTP 'Cache-Control' header is used to specify directives for caching mechanisms.

The server did not return a 'Cache-Control' header, or returned an invalid one, which means a page containing sensitive
information (password, credit card, personal data, social security number, etc.) could be stored on the client-side disk and later
be exposed to unauthorised persons. This URL is flagged as a specific example.

Solution

Configure your web server to include a 'Cache-Control' header with appropriate directives. If the page contains sensitive
information, the 'Cache-Control' value should be 'no-store' and the 'Pragma' header value should be 'no-cache'.

See Also
https://www.owasp.org/index.php/Testing_for_Browser_cache_weakness_(OTG-AUTHN-006)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

Plugin Details

PUBLICATION DATE 2019-02-15T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Low
PLUGIN ID 112553

Risk Information

CVSSV3 BASE SCORE 3.7


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Reference Information

CWE 525
WASC Application Misconfiguration
OWASP 2017-A6, 2021-A4, 2013-A5, 2010-A6, 2019-API7
CVE -
BID -


Missing 'Cache-Control' Header Instances (1)
VULNERABILITY LOW PLUGIN ID 112553

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
https://10.162.0.199/ has no Cache Control header defined.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


SSL/TLS Certificate Lifetime Greater Than 398 Days
VULNERABILITY LOW PLUGIN ID 112563

Description

The remote server certificate has a lifetime greater than 398 days and was issued after September 1st 2020. According to
industry standards set by the Certification Authority/Browser (CA/B) Forum, some browser SSL implementations may reject
certificates with a validity period greater than 398 days issued after September 1, 2020.

Solution

Replace the certificate with a new certificate that has less than 398 days of validity.

See Also
https://support.apple.com/en-us/HT211025
https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/
https://www.theregister.com/2020/06/30/tls_cert_lifespan/

Plugin Details

PUBLICATION DATE 2020-09-17T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Low
PLUGIN ID 112563

Risk Information

CVSSV3 BASE SCORE 4.2


CVSSV3 VECTOR CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS BASE SCORE 3.2
CVSS VECTOR CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N

Reference Information

CWE 326
WASC Application Misconfiguration
OWASP 2010-A7, 2013-A6, 2017-A3, 2021-A2, 2019-API7
CVE -
BID -


SSL/TLS Certificate Lifetime Greater Than 398 Days Instances (1)
VULNERABILITY LOW PLUGIN ID 112563

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Certificate #1
--------------
Common Name:
Issuer: false
Valid from: 2022-07-27 17:22:14 UTC
Valid until: 2032-07-26 17:22:14 UTC (expires in 9 years, 4 months, 3 days)
Validity Period: 3652 days
Key: RSA 2048-bit
Signature: sha256WithRSAEncryption


Login Form Cross-Site Request Forgery
VULNERABILITY LOW PLUGIN ID 113332

Description

Cross-Site Request Forgery (CSRF) occurs when a user is tricked into clicking on a link which automatically submits a
request without the user's consent.

This is possible when the request does not include an anti-CSRF token: a value generated each time the page is
visited and passed along when the request is submitted, which the web application backend can use to verify that the
request originates from a legitimate user.

Exploiting requests vulnerable to Cross-Site Request Forgery requires several conditions to be met:

- The request must perform a sensitive action.

- The attacker must make the victim click on a link to send the request without their consent.

The exploitation of this vulnerability will in most cases have a very limited impact. However, it is possible to create complex
scenarios if the application is also vulnerable to Cross-Site Scripting.

Solution

Update the application by adding support for anti-CSRF tokens on this login form.
Most web frameworks either provide built-in solutions or have plugins that can be used to add these tokens easily to any
form. Check the references for the solutions provided by the best-known frameworks.

See Also
https://codex.wordpress.org/WordPress_Nonces
https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/csrf_paper.pdf
https://www.drupal.org/docs/7/security/writing-secure-code/create-forms-in-a-safe-way-to-avoid-cross-site-request-forgeries
https://symfony.com/doc/current/form/csrf_protection.html
http://en.wikipedia.org/wiki/Cross-site_request_forgery
https://docs.djangoproject.com/en/1.11/ref/csrf/
http://www.cgisecurity.com/csrf-faq.html
https://www.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005)
https://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Plugin Details

PUBLICATION DATE 2022-08-08T00:00:00+00:00


MODIFICATION DATE 2023-01-17T00:00:00+00:00
FAMILY Cross Site Request Forgery
SEVERITY Low
PLUGIN ID 113332


Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Reference Information

CWE 352
WASC Cross-Site Request Forgery
OWASP 2010-A5, 2013-A8, 2021-A1, 2019-API7
CVE -
BID -


Login Form Cross-Site Request Forgery Instances (1)
VULNERABILITY LOW PLUGIN ID 113332

INSTANCE

https://10.162.0.199/

INPUT TYPE form


INPUT NAME id:ext-gen7

Identification
PROOF
<form class="x-panel-body x-panel-body-noheader x-panel-body-noborder x-form" method="post" id="ext-gen7" style="width: 339px; height: 246px;">
<input type="text" size="20" autocomplete="off" id="txtUserName" name="userName" class=" x-form-text x-form-field x-form-focus" style="width: 262px;">
</input>
<input type="password" size="20" autocomplete="off" id="txtPwd" name="userPass" class=" x-form-text x-form-field" style="width: 262px;">
</input>
<button type="button" id="ext-gen27" class=" x-btn-text login_button_icon">
LOGIN
</button>
</form>

OUTPUT
No anti-CSRF token could have been found in the login form with ID ext-gen7.

By requesting it several times, the scanner could not find any dynamic input field that would generate a token used by
the application to confirm the user intention to submit this form.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


Cookie Without SameSite Flag Detected
VULNERABILITY LOW PLUGIN ID 115540

Description

SameSite is an attribute which can be set on a cookie to instruct the web browser whether this cookie can be sent along with
cross-site requests, to help prevent Cross-Site Request Forgery (CSRF) attacks.

The attribute has three possible values:

- Strict: the cookie will only be sent in a first-party context, thus preventing cross-site requests initiated from third-party
websites from including it.

- Lax: the cookie is allowed to be sent in cross-site GET requests initiated by a top-level navigation from third-party
websites. For example, following a hypertext link from the external website will make the request include the cookie.

- None: the cookie is explicitly set to be sent by the browser in any context.

The scanner identified cookies set by the application that lack the SameSite attribute, or on which it is misconfigured.

Solution

Web browsers' default behavior may differ when processing cookies in a cross-site context, making the final decision on
whether to send the cookie in this context unpredictable. The SameSite attribute should be set on every cookie to enforce the
behavior the developers expect. When using the 'None' attribute value, ensure that the cookie is also set with the 'Secure' flag.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#samesite-cookie-attribute
https://web.dev/samesite-cookies-explained
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

Plugin Details

PUBLICATION DATE 2018-12-14T00:00:00+00:00


MODIFICATION DATE 2021-11-26T00:00:00+00:00
FAMILY Web Applications
SEVERITY Low
PLUGIN ID 115540

Risk Information

CVSSV3 BASE SCORE 3.1


CVSSV3 VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS BASE SCORE 2.6
CVSS VECTOR CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N


Reference Information

CWE 352
WASC Cross-Site Request Forgery
OWASP 2010-A5, 2013-A8, 2021-A1, 2019-API7
CVE -
BID -


Cookie Without SameSite Flag Detected Instances (2)
VULNERABILITY LOW PLUGIN ID 115540

INSTANCE

https://10.162.0.199/

INPUT TYPE cookie


INPUT NAME cookieName

Identification
PROOF
cookieName=cookievalue; Path=/

OUTPUT
The scanner detected a cookie named 'cookieName' which does not have the 'SameSite' attribute set.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:04 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

INSTANCE

https://10.162.0.199/

INPUT TYPE cookie


INPUT NAME Session

Identification
PROOF
Session=Login; Path=/; Secure; HttpOnly

OUTPUT
The scanner detected a cookie named 'Session' which does not have the 'SameSite' attribute set.


HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


Scan Information
VULNERABILITY INFO PLUGIN ID 98000

Description

Provides scan information and statistics of plugins run.

Solution

See Also

Plugin Details

PUBLICATION DATE 2017-03-31T00:00:00+00:00


MODIFICATION DATE 2017-03-31T00:00:00+00:00
FAMILY General
SEVERITY Info
PLUGIN ID 98000

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Scan Information Instances (1)
VULNERABILITY INFO PLUGIN ID 98000

INSTANCE

https://10.162.0.199

Identification
OUTPUT

Engine Version 1.55.2-882


Plugins Version
Scan ID 75736bf2-9b8f-4b33-a186-4870a69b3534

Start Time 2023-03-24 09:48:57 -0400


Duration 00:35:59

Requests 13870
Crawler Requests 14
Requests/s 10.592
Mean Response Time 0.8164s

Bandwidth Usage
- Data to Target 8.01 MB
- Data from Target 16.2 MB

Timeouts Encountered
Network Timeouts 1
Browser Timeouts 0

Browser Respawns 0

HTTP Protocols Detected


- HTTP
- HTTPs

Authentication Identified
- None

Plugins
- 477 have been included per scan policy
- 397 have been started based on target information collected

List of plugins is available in 'plugins.csv' attachment.

Settings used to conduct this scan are available in 'configuration.csv' attachment.


Web Application Sitemap
VULNERABILITY INFO PLUGIN ID 98009

Description

Publishes the sitemap of the web application as seen by the scan.

The list of all URLs that have been detected during the scan are available as an attachment. For each URL in the sitemap,
the following information is provided:

- The first time the URL is detected
- The logic used to detect the URL. This information may be found by: crawling, rendering the page, or a specific plugin
- The parent URL requested to detect the URL
- If the URL has been requested at least once, information about the response
- Whether or not the URL has been queued for audit
- If the URL has not been queued for audit, the reason why the URL does not need an audit
- Whether or not the URL has been effectively audited
- If the URL has not been effectively audited, the reason that the scanner was unable to audit the URL

Reasons for not adding a URL to the audit queue are as follows:

- not_in_domain: The domain of the URL does not match the main target URL
- scope_configuration: The URL does not match the scope include list scan settings
- directory_depth: The number of directories in the URL path exceeds the scan configuration setting
- exclude_file_extension: The URL file extension matched one entry of the file extension blacklist setting
- exclude_path_patterns: The URL matched one entry of the URL exclusion blacklist setting
- redundant_path: The number of URLs to be audited with the same path and query string parameters has been reached
- request_redirect_limit: The number of HTTP redirects allowed per scan configuration setting has been reached
- queue_full: The number of URLs to audit has been reached

If a scan fails to audit a URL that has been queued for audit, reasons for the failure are as follows:

- timeout: The request timed out when trying to retrieve URL contents
- filesize_exceeded: URL response exceeded the file size limit defined in the scan configuration
- scan_timelimit_reached: The URL couldn't be audited before the scan time limit
- user_abort: The user stopped the scan before the URL could be audited

Solution

See Also

Plugin Details

PUBLICATION DATE 2017-03-31T00:00:00+00:00


MODIFICATION DATE 2020-11-03T00:00:00+00:00
FAMILY General
SEVERITY Info
PLUGIN ID 98009

Risk Information


CVSSV3 BASE SCORE -
CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Web Application Sitemap Instances (1)
VULNERABILITY INFO PLUGIN ID 98009

INSTANCE

https://10.162.0.199

Identification
OUTPUT
The scan has discovered 8 distinct URLs.

The following is a breakdown of which URLs were audited:

- 1 effectively audited
- 6 not queued due to file extension exclusions
- 1 not queued due to the URL containing a fragment which is a feature of browsers and not included in HTTP requests.
The page being referred to by the fragment shall still be audited by the scanner.

For URLs we received responses for, here is a distribution of the content type headers:

- 3 application/javascript
- 2 text/css
- 2 text/html

Response times ranged between 0.058593s and 0.74607s.

You can access the complete list of URLs with the information collected by the scan as an attachment to this plugin.


Network Timeout Encountered
VULNERABILITY INFO PLUGIN ID 98019

Description

Provides a report of network timeouts encountered during the scan, showing URLs and the number of timeouts for each
URL.

Note that assessment will stop on any URLs in a timeout state, and timeouts may significantly increase the overall duration of
the scan.

Solution

Check your web application logs and verify that it is functioning as expected and can handle the significant amount of traffic
generated by the scanner.
Additionally, the scan policy may be edited to optimize the performance settings.

See Also

Plugin Details

PUBLICATION DATE 2017-09-25T00:00:00+00:00


MODIFICATION DATE 2017-09-25T00:00:00+00:00
FAMILY General
SEVERITY Info
PLUGIN ID 98019

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Network Timeout Encountered Instances (1)
VULNERABILITY INFO PLUGIN ID 98019

INSTANCE

https://10.162.0.199

Identification
OUTPUT
The scanner encountered 1 network timeout during the scan. See the attachment for more details


Login Form Detected
VULNERABILITY INFO PLUGIN ID 98033

Description

This is an informational notice that the scanner identified a potential login form that could be used by the scanner to
authenticate and gain access to additional pages, extending its coverage.

Solution

Edit the scan policy and add login form authentication credentials to allow the scanner to authenticate to the web application.

See Also

Plugin Details

PUBLICATION DATE 2018-02-08T00:00:00+00:00


MODIFICATION DATE 2018-02-08T00:00:00+00:00
FAMILY Authentication & Session
SEVERITY Info
PLUGIN ID 98033

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Login Form Detected Instances (1)
VULNERABILITY INFO PLUGIN ID 98033

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Potential login form has been identified in URL 'https://10.162.0.199/' with following fields:
- userName (TEXT)
- userPass (PASSWORD)
- ext-gen27 (BUTTON)
To perform authenticated scan, configure your scan and add 'Login Form' authentication, with the URL associated to this
plugin and as login parameters values for the above non-hidden fields.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


Allowed HTTP Methods
VULNERABILITY INFO PLUGIN ID 98047

Description

There are a number of HTTP methods that can be used on a web server (`OPTIONS`, `HEAD`, `GET`, `POST`, `PUT`,
`DELETE`, etc.). Each of these methods performs a different function and each has an associated level of risk when its
use is permitted on the web server.

By sending an HTTP OPTIONS request and a direct HTTP request for each method, the scanner discovered the methods
that are allowed by the server.

Solution

It is recommended that a whitelisting approach be taken to explicitly permit only the HTTP methods required by the
application and block all others.

See Also
http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept

Plugin Details

PUBLICATION DATE 2017-03-31T00:00:00+00:00


MODIFICATION DATE 2021-07-13T00:00:00+00:00
FAMILY Web Applications
SEVERITY Info
PLUGIN ID 98047

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Allowed HTTP Methods Instances (1)
VULNERABILITY INFO PLUGIN ID 98047

INSTANCE

https://10.162.0.199

Identification
OUTPUT
The scanner was able to identify several HTTP methods that can be used for one or several URLs. The results are
available as attachments.


Interesting Response
VULNERABILITY INFO PLUGIN ID 98050

Description

The scanner identified some responses with a status code other than the usual 200 (OK), 301 (Moved Permanently), 302
(Found) and 404 (Not Found) codes. These codes can provide useful insights into the behavior of the web application and
identify any unexpected responses to be addressed.

Solution

See Also
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Plugin Details

PUBLICATION DATE 2017-03-31T00:00:00+00:00


MODIFICATION DATE 2021-06-14T00:00:00+00:00
FAMILY Web Applications
SEVERITY Info
PLUGIN ID 98050

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Interesting Response Instances (1)
VULNERABILITY INFO PLUGIN ID 98050

INSTANCE

https://10.162.0.199/

Identification
PROOF
HTTP/1.1 400 Bad Request

OUTPUT
A response has been received with a response code '400' which may require further investigation to verify if this
response is due to an abnormal behavior of the target.

The response has been triggered by an HTTP GET request made on the URL 'https://10.162.0.199/'.

HTTP Info
REQUEST MADE
GET / HTTP/1.1

REQUEST HEADERS
Host: 10.162.0.199
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5
Upgrade-Insecure-Requests: 1
/../web-Inf/web.xml: tenable_wasscan_name_fuzz
Cookie: Session=Login; cookieName=cookievalue

RESPONSE HEADERS
HTTP/1.1 400 Bad Request
Date: Fri, 24 Mar 2023 13:51:12 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1


Cookies Collected
VULNERABILITY INFO PLUGIN ID 98061

Description

The scanner collected the cookies returned by the application during the scan. The list includes the following information for
each cookie:
- Name: name of the cookie
- Value: value of the cookie
- Domain: hosts to which the cookie will be sent
- Path: URL path which must exist in the requested resource before sending the cookie
- Expires: maximum lifetime of the cookie as an HTTP-date timestamp
- Max-Age: number of seconds until the cookie expires
- HttpOnly: cookie is not accessible via JavaScript, XMLHttpRequest and Request APIs
- Secure: cookie will be sent to the server only when a request is made using HTTPS
- SameSite: cookie will be sent along with cross-site requests according to the defined policy
- URL: first URL discovered which set the cookie in its response
- Set-Method: method used by the application to set the cookie (Set-Cookie or JavaScript)
- Audited: cookie will be audited by plugins during the scan
- Reason Not Audited: reason given for the cookie not being audited during the scan

Solution

See Also
https://en.wikipedia.org/wiki/HTTP_cookie
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
https://tools.ietf.org/html/rfc6265

Plugin Details

PUBLICATION DATE 2020-09-01T00:00:00+00:00


MODIFICATION DATE 2021-11-23T00:00:00+00:00
FAMILY Web Applications
SEVERITY Info
PLUGIN ID 98061

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information


CWE -
WASC -
OWASP -
CVE -
BID -


Cookies Collected Instances (1)
VULNERABILITY INFO PLUGIN ID 98061

INSTANCE

https://10.162.0.199

Identification
OUTPUT
The following cookies have been collected during the scan of the target:
- 1 cookie(s) specified via Set-Cookie
- 3 cookie(s) set via JavaScript code
The complete list of the cookies is available in attachment.


Target Information
VULNERABILITY INFO PLUGIN ID 98136

Description

Publishes the target information of the starting URL as evaluated by the scan.

Solution

See Also

Plugin Details

PUBLICATION DATE 2017-07-27T00:00:00+00:00


MODIFICATION DATE 2017-07-27T00:00:00+00:00
FAMILY General
SEVERITY Info
PLUGIN ID 98136

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Target Information Instances (1)
VULNERABILITY INFO PLUGIN ID 98136

INSTANCE

https://10.162.0.199

Identification
OUTPUT
Access to URL 'https://10.162.0.199' has been confirmed.

Target Information
------------------------

Domain Name : IP could not resolve to a name


IP Address : 10.162.0.199

Response Information
---------------------------

Status Code : 200


Response Code : ok
Response Time : 0.058593s
Response Size : 1407 bytes
Content-Type : text/html

HTTP Info
REQUEST MADE
GET / HTTP/1.1

REQUEST HEADERS
Host: 10.162.0.199
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:00 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


Screenshot
VULNERABILITY INFO PLUGIN ID 98138

Description

Screenshot of the target web page; see the attached image. This screenshot should show you the target page the scan is
launched against. If the image is not of the intended target page, please check the URL provided in the scan configuration.

Solution

See Also

Plugin Details

PUBLICATION DATE 2018-01-23T00:00:00+00:00


MODIFICATION DATE 2018-02-14T00:00:00+00:00
FAMILY General
SEVERITY Info
PLUGIN ID 98138

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Screenshot Instances (1)
VULNERABILITY INFO PLUGIN ID 98138

INSTANCE

https://10.162.0.199

Identification
OUTPUT
WAS Scanner has taken a screenshot of the page at url 'https://10.162.0.199' with dimensions 1600x1200.

Please see the attachment for the screenshot image.


Form Detected
VULNERABILITY INFO PLUGIN ID 98148

Description

The scanner has detected the presence of a form during the crawling of the target web application. Details about the form
are provided in the plugin output.

Solution

See Also

Plugin Details

PUBLICATION DATE 2021-10-21T00:00:00+00:00


MODIFICATION DATE 2021-10-21T00:00:00+00:00
FAMILY Web Applications
SEVERITY Info
PLUGIN ID 98148

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Form Detected Instances (1)
VULNERABILITY INFO PLUGIN ID 98148

INSTANCE

https://10.162.0.199/

INPUT TYPE form


INPUT NAME id:ext-gen7

Identification
OUTPUT
A form with identifier id `ext-gen7` has been detected on the following URL https://10.162.0.199/ with input fields :
- userName (text)
- userPass (password)
- ext-gen27 (button)

This form is submitted by using the following action : https://10.162.0.199/

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html


Missing Permissions Policy
VULNERABILITY INFO PLUGIN ID 98526

Description

Permissions Policy provides mechanisms to websites to restrict the use of browser features in its own frame and in iframes
that it embeds.

Solution

Configure Permissions Policy on your website by adding 'Permissions-Policy' HTTP header.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/

Plugin Details

PUBLICATION DATE 2019-03-27T00:00:00+00:00


MODIFICATION DATE 2021-05-07T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Info
PLUGIN ID 98526

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -


Missing Permissions Policy Instances (1)
VULNERABILITY INFO PLUGIN ID 98526

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
No Permissions-Policy headers were found on https://10.162.0.199/

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

Missing Referrer Policy
VULNERABILITY INFO PLUGIN ID 98527

Description

Referrer Policy provides mechanisms for websites to restrict the referrer information (sent in the Referer header) that
browsers are allowed to add to requests.

No Referrer-Policy header or meta tag configuration has been detected.

Solution

Configure Referrer Policy on your website by adding the 'Referrer-Policy' HTTP header or a referrer meta tag in the HTML.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Plugin Details

PUBLICATION DATE 2019-04-02T00:00:00+00:00


MODIFICATION DATE 2019-04-02T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Info
PLUGIN ID 98527

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

Missing Referrer Policy Instances (1)
VULNERABILITY INFO PLUGIN ID 98527

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
No Referrer-Policy headers or body meta tags were found on https://10.162.0.199/

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

Missing 'Expect-CT' Header
VULNERABILITY INFO PLUGIN ID 98612

Description

The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements,
which prevents the use of misissued certificates for that site from going unnoticed. This URL is flagged as a specific
example.

The Expect-CT header will likely become obsolete in June 2021. Since May 2018, new certificates are expected to support SCTs by
default. Certificates issued before March 2018 were allowed a lifetime of 39 months, so all of them will have expired by June 2021.

Solution

If your certificate supports SCTs (Signed Certificate Timestamps) by default, the Expect-CT header is not required.

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

Plugin Details

PUBLICATION DATE 2019-05-29T00:00:00+00:00


MODIFICATION DATE 2022-11-29T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Info
PLUGIN ID 98612

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE 693
WASC Application Misconfiguration
OWASP -
CVE -
BID -

Missing 'Expect-CT' Header Instances (1)
VULNERABILITY INFO PLUGIN ID 98612

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
The Expect-CT header was not detected on https://10.162.0.199/

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

SSL/TLS Certificate Information
VULNERABILITY INFO PLUGIN ID 112491

Description

This plugin displays information about the X.509 certificate extracted from the HTTPS connection.

Solution

See Also

Plugin Details

PUBLICATION DATE 2018-10-03T00:00:00+00:00


MODIFICATION DATE 2020-10-02T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Info
PLUGIN ID 112491

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

SSL/TLS Certificate Information Instances (1)
VULNERABILITY INFO PLUGIN ID 112491

INSTANCE

https://10.162.0.199/

Identification
OUTPUT

Certificate 1
--------------
Common Name:
Issuer: false
Valid from: 2022-07-27 17:22:14 UTC
Valid until: 2032-07-26 17:22:14 UTC (expires in 9 years, 4 months, 3 days)
Validity Period: 3652 days
Key: RSA 2048-bit
Signature: sha256WithRSAEncryption

Missing 'X-XSS-Protection' Header
VULNERABILITY INFO PLUGIN ID 112526

Description

The HTTP 'X-XSS-Protection' response header is a feature of modern browsers that allows websites to control their XSS
auditors.

The server is not configured to return an 'X-XSS-Protection' header, which means that any page on this website could be at
risk of a Cross-Site Scripting (XSS) attack. This URL is flagged as a specific example.

If legacy browser support is not needed, it is recommended to use Content-Security-Policy without allowing unsafe-inline
scripts instead.

Solution

Configure your web server to include an 'X-XSS-Protection' header with a value of '1; mode=block' on all pages.

See Also
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xxxsp
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Plugin Details

PUBLICATION DATE 2018-11-27T00:00:00+00:00


MODIFICATION DATE 2021-03-12T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Info
PLUGIN ID 112526

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

Missing 'X-XSS-Protection' Header Instances (1)
VULNERABILITY INFO PLUGIN ID 112526

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
The scanner detected the lack of an X-XSS-Protection header in the target application's response.

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

SSL/TLS Versions Supported
VULNERABILITY INFO PLUGIN ID 112530

Description

This plugin displays information about the SSL/TLS versions supported by the remote server for HTTPS connections.

Solution

See Also
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Plugin Details

PUBLICATION DATE 2018-10-03T00:00:00+00:00


MODIFICATION DATE 2020-10-02T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Info
PLUGIN ID 112530

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

SSL/TLS Versions Supported Instances (1)
VULNERABILITY INFO PLUGIN ID 112530

INSTANCE

https://10.162.0.199/

Identification
OUTPUT

Protocol Supported
---------------------
SSL 2.0 No
SSL 3.0 No
TLS 1.0 No
TLS 1.1 No
TLS 1.2 Yes
TLS 1.3 No

HTTP Strict Transport Security Policy Detected
VULNERABILITY INFO PLUGIN ID 112535

Description

HTTP Strict Transport Security (HSTS) is an optional response header that can be configured on the server to instruct the
browser to communicate only over HTTPS.

The HSTS policy can be defined with the following settings:

- max-age: the time, in seconds, for which the browser should remember that the site is only to be accessed over HTTPS.

- includeSubDomains (optional): if this attribute is specified, the policy applies to all current subdomains of the site.

- preload (optional): Google maintains a compiled list of domains that is distributed directly in some browsers to enforce
HTTPS without checking for the HSTS HTTP header. As the domain submission process is public, the preload attribute is
used as a validation when a domain is submitted for preloading.

The scanner detected an HSTS policy on the target application.

Solution

See Also
https://tools.ietf.org/html/rfc6797
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
https://www.chromium.org/hsts
https://hstspreload.org/

Plugin Details

PUBLICATION DATE 2020-07-27T00:00:00+00:00


MODIFICATION DATE 2020-09-22T00:00:00+00:00
FAMILY HTTP Security Header
SEVERITY Info
PLUGIN ID 112535

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

HTTP Strict Transport Security Policy Detected Instances (1)
VULNERABILITY INFO PLUGIN ID 112535

INSTANCE

https://10.162.0.199/

Identification
PROOF
Strict-Transport-Security: max-age=31536000; includeSubDomains

OUTPUT
The scanner detected the following HSTS policy on the target application:
- URL: https://10.162.0.199/
- max-age: 31536000 seconds (about 365 days 0 hours 0 minutes 0 seconds)
- includeSubDomains: true
- preload: false

HTTP Info
REQUEST MADE
GET https://10.162.0.199/

REQUEST HEADERS
Accept=*/*
Accept-Language=en-US,en;q=0.5
Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:49:02 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

SSL/TLS Server Cipher Suite Preference Not Detected
VULNERABILITY INFO PLUGIN ID 112599

Description

The remote server is not configured with an SSL/TLS cipher suite preference list, so cipher suite selection during the
negotiation uses the ordered list sent by the client.

Solution

See Also
https://wiki.mozilla.org/Security/Server_Side_TLS
http://www.exploresecurity.com/testing-for-cipher-suite-preference/

Plugin Details

PUBLICATION DATE 2020-09-24T00:00:00+00:00


MODIFICATION DATE 2021-08-25T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Info
PLUGIN ID 112599

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

SSL/TLS Server Cipher Suite Preference Not Detected Instances (1)
VULNERABILITY INFO PLUGIN ID 112599

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
The scanner detected that the remote host is not configured with a cipher suite preference for the following protocol(s): TLS v1.2

Allowed HTTP Versions
VULNERABILITY INFO PLUGIN ID 112613

Description

The Hypertext Transfer Protocol (HTTP) is the underlying protocol of the World Wide Web. Since its first release, HTTP has
evolved to support modern web usage and currently exists in three versions:
- HTTP/1.0
- HTTP/1.1
- HTTP/2

The scanner identified the supported versions of the HTTP protocol on the target web application.

Solution

See Also
https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP

Plugin Details

PUBLICATION DATE 2020-10-13T00:00:00+00:00


MODIFICATION DATE 2023-01-17T00:00:00+00:00
FAMILY Web Applications
SEVERITY Info
PLUGIN ID 112613

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

Allowed HTTP Versions Instances (1)
VULNERABILITY INFO PLUGIN ID 112613

INSTANCE

https://10.162.0.199

Identification
OUTPUT
The scanner detected the following HTTP versions on the target application:

- HTTP/1.1

The list of requests and responses observed is provided as an attachment.

TLS Web Server Authentication Extension Not Supported
VULNERABILITY INFO PLUGIN ID 112650

Description

The remote server's TLS certificate does not have an Extended Key Usage (EKU) extension specifying the id-kp-serverAuth
OID.

Solution

Replace the TLS certificate with a new certificate whose Extended Key Usage (EKU) extension contains the
id-kp-serverAuth OID.

See Also
https://tools.ietf.org/html/rfc5280#page-44
https://www.openssl.org/docs/manmaster/man5/x509v3_config.html

Plugin Details

PUBLICATION DATE 2020-11-16T00:00:00+00:00


MODIFICATION DATE 2020-11-16T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Info
PLUGIN ID 112650

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

TLS Web Server Authentication Extension Not Supported Instances (1)
VULNERABILITY INFO PLUGIN ID 112650

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
The certificate does not have an Extended Key Usage extension containing the TLS Web Server Authentication OID.

Security.txt File Not Detected
VULNERABILITY INFO PLUGIN ID 112723

Description

A security.txt file has not been detected on the target.

When independent security researchers discover security risks in web services, this file defines the channels for
disclosing them properly and enables third-party researchers to report issues securely in a manner defined by the organization.

Organizations should consider creating a security.txt file containing contact and other information in the defined format and
placing it under the .well-known directory of the server.

Solution

See Also
https://securitytxt.org/
https://tools.ietf.org/html/draft-foudil-securitytxt-11

Plugin Details

PUBLICATION DATE 2021-03-17T00:00:00+00:00


MODIFICATION DATE 2021-03-17T00:00:00+00:00
FAMILY Web Servers
SEVERITY Info
PLUGIN ID 112723

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

Security.txt File Not Detected Instances (1)
VULNERABILITY INFO PLUGIN ID 112723

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
No security.txt file, or a malformed one, was found at https://10.162.0.199/.well-known/security.txt

HTTP Info
REQUEST MADE
GET /.well-known/security.txt HTTP/1.1

REQUEST HEADERS
Host: 10.162.0.199
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5
Cookie: Session=Login; cookieName=cookievalue

RESPONSE HEADERS
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 13:59:37 GMT
Server: CPWS
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Connection: close
Set-Cookie: Session=Login;path=/; secure; HttpOnly
X-UA-Compatible: IE=EmulateIE8
Transfer-Encoding: chunked
Content-Type: text/html

Performance Telemetry
VULNERABILITY INFO PLUGIN ID 113393

Description

This finding provides information to assist in scan performance tuning.

Solution

See Also

Plugin Details

PUBLICATION DATE 2022-10-17T00:00:00+00:00


MODIFICATION DATE 2022-10-17T00:00:00+00:00
FAMILY General
SEVERITY Info
PLUGIN ID 113393

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

Performance Telemetry Instances (1)
VULNERABILITY INFO PLUGIN ID 113393

INSTANCE

https://10.162.0.199

Identification
OUTPUT
Three attachments are included in this finding to assist in performance tuning of your scan:
- pages_telemetry.csv: scan statistics organized by page
- plugins_telemetry.csv: scan statistics organized by plugin
- time_telemetry.csv: chronological scan statistics

SSL/TLS Cipher Suites Supported
VULNERABILITY INFO PLUGIN ID 115491

Description

This plugin displays supported SSL/TLS cipher suites.

Solution

See Also
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Plugin Details

PUBLICATION DATE 2019-01-09T00:00:00+00:00


MODIFICATION DATE 2022-10-07T00:00:00+00:00
FAMILY SSL/TLS
SEVERITY Info
PLUGIN ID 115491

Risk Information

CVSSV3 BASE SCORE -


CVSSV3 VECTOR -
CVSS BASE SCORE -
CVSS VECTOR -

Reference Information

CWE -
WASC -
OWASP -
CVE -
BID -

SSL/TLS Cipher Suites Supported Instances (1)
VULNERABILITY INFO PLUGIN ID 115491

INSTANCE

https://10.162.0.199/

Identification
OUTPUT
Protocol Cipher Suite Name (RFC) Key Exchange Strength
-------------------------------------------------------------------------------
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE_RSA 2048
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 x25519 256
TLS1.2 TLS_RSA_WITH_ARIA_128_GCM_SHA256 RSA 2048
TLS1.2 TLS_RSA_WITH_ARIA_256_GCM_SHA384 RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE_RSA 2048
TLS1.2 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 x25519 256
TLS1.2 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 x25519 256
TLS1.2 TLS_RSA_WITH_AES_128_CCM RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CCM RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_CCM DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_CCM DHE_RSA 2048
TLS1.2 TLS_RSA_WITH_AES_128_CCM_8 RSA 2048
TLS1.2 TLS_RSA_WITH_AES_256_CCM_8 RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE_RSA 2048
TLS1.2 TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE_RSA 2048
