Quickscan Web Zero Tg75bn

Uploaded by Desya kristian
quickscan-web-zero
Report generated by Nessus™ Wed, 31 Jul 2024 11:53:01 SE Asia Standard Time
TABLE OF CONTENTS

Vulnerabilities by Plugin

• 112543 (1) - HTTPS Not Detected ........ 4
• 98057 (1) - Insecure 'Access-Control-Allow-Origin' Header ........ 6
• 98060 (1) - Missing 'X-Frame-Options' Header ........ 8
• 98618 (1) - HTTP Header Information Disclosure ........ 10
• 112529 (1) - Missing 'X-Content-Type-Options' Header ........ 12
• 112551 (1) - Missing Content Security Policy ........ 14
• 98000 (1) - Scan Information ........ 16
• 98009 (1) - Web Application Sitemap ........ 18
• 98059 (1) - Technologies Detected ........ 20
• 98136 (1) - Target Information ........ 21
• 98138 (1) - Screenshot ........ 23
• 98154 (1) - External URLs ........ 24
• 98526 (1) - Missing Permissions Policy ........ 25
• 98527 (1) - Missing Referrer Policy ........ 27
• 98772 (1) - Fetch/XHR Detected ........ 29
• 112526 (1) - Missing 'X-XSS-Protection' Header ........ 30
• 112616 (1) - API Detected ........ 32
• 113393 (1) - Performance Telemetry ........ 33
• 172036 (1) - Web Application Scanner ........ 34

Vulnerabilities by Plugin
112543 (1) - HTTPS Not Detected

Synopsis

HTTPS Not Detected

Description

HTTPS is a protocol that protects the integrity and confidentiality of data between client and server. HTTPS is highly recommended to protect connections to a website regardless of its content.

See Also

https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet

Solution

Enable HTTPS following best practices.

Risk Factor

High
CVSS v3.0 Base Score

7.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVSS v2.0 Base Score

7.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N)

References

XREF CWE:319 WASC:Insufficient Transport Layer Protection HIPAA:164.312(a) HIPAA:164.312(e)
CAPEC:102 CAPEC:117 CAPEC:383 CAPEC:477 CAPEC:65 DISA_STIG:APSC-DV-000170
OWASP:2010-A9 OWASP:2013-A6 OWASP:2017-A3 OWASP:2021-A2 OWASP_API:2019-API7
OWASP_API:2023-API8 OWASP_ASVS:4.0.2-9.1.1 PCI_DSS:3.2-6.5.4 ISO:27001-A.10.1.1
ISO:27001-A.14.1.2 ISO:27001-A.14.1.3 ISO:27001-A.18.1.5 NIST:sp800_53-SC-13

Plugin Information

Published: 2019/02/05, Modified: 2024/03/13

Instances

http://zero.webappsecurity.com (tcp/80)
URL



http://zero.webappsecurity.com

OUTPUT

The scanner was unable to detect HTTPS when accessing https://zero.webappsecurity.com

REQUEST MADE

GET /

REQUEST HEADERS

User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5



98057 (1) - Insecure 'Access-Control-Allow-Origin' Header

Synopsis

Insecure 'Access-Control-Allow-Origin' Header

Description

Cross Origin Resource Sharing (CORS) is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy.

The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to interact with the page. This in turn prevents malicious JavaScript from being executed when loaded from external domains.

The CORS policy allows the application to specify exceptions to the protections implemented by the
browser, and enables the developer to specify allowlisted domains for which external JavaScript is
permitted to execute and interact with the page.

The 'Access-Control-Allow-Origin' header is insecure when set to '*' or null, as it allows any domain to perform cross-domain requests and read responses. An attacker could abuse this configuration to retrieve private content from an application which does not use standard authentication mechanisms (for example, an Intranet allowing access from the internal network only).
See Also

https://www.owasp.org/index.php/CORS_OriginHeaderScrutiny
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Solution

Unless the target application is specifically designed to serve public content to any domain, the 'Access-Control-Allow-Origin' header should be configured with an allowlist including only known and trusted domains that need to perform cross-domain requests, or should be disabled.

Risk Factor

Low

CVSS v3.0 Base Score

3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVSS v2.0 Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References



XREF CWE:16 WASC:Application Misconfiguration OWASP:2010-A6 OWASP:2013-A5 OWASP:2017-A6
OWASP:2021-A5 OWASP_API:2019-API7 OWASP_API:2023-API8

Plugin Information

Published: 2017/03/31, Modified: 2024/03/25

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com/

PROOF

Access-Control-Allow-Origin: *

OUTPUT

Vulnerability has been detected on URL 'http://zero.webappsecurity.com/'

To confirm the presence of the vulnerability, this proof has been identified in the target response:

| Access-Control-Allow-Origin: *

The information used to check the vulnerability has been provided as an attachment.

REQUEST MADE

GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



98060 (1) - Missing 'X-Frame-Options' Header

Synopsis

Missing 'X-Frame-Options' Header

Description

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on,
thus potentially revealing confidential information or taking control of their computer while clicking on
seemingly innocuous web pages.

The server didn't return an `X-Frame-Options` header which means that this website could be at risk of a
clickjacking attack.

The `X-Frame-Options` HTTP response header can be used to indicate whether or not a browser should
be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by
ensuring that their content is not embedded into other sites.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
http://tools.ietf.org/html/rfc7034
https://www.owasp.org/index.php/Clickjacking

Solution

Configure your web server to include an `X-Frame-Options` header.

Risk Factor

Low

CVSS v3.0 Base Score

3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVSS v2.0 Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

References

XREF CWE:1021 CWE:346 WASC:Application Misconfiguration HIPAA:164.306(a)(1)
HIPAA:164.306(a)(2) CAPEC:103 CAPEC:111 CAPEC:141 CAPEC:142 CAPEC:160 CAPEC:181
CAPEC:21 CAPEC:222 CAPEC:384 CAPEC:385 CAPEC:386 CAPEC:387 CAPEC:388
CAPEC:504 CAPEC:506 CAPEC:510 CAPEC:59 CAPEC:60 CAPEC:654 CAPEC:75 CAPEC:76
CAPEC:89 DISA_STIG:APSC-DV-002560 OWASP:2010-A6 OWASP:2013-A5 OWASP:2017-A6
OWASP:2021-A4 OWASP:2021-A7 OWASP_API:2019-API7 OWASP_API:2023-API8
OWASP_ASVS:4.0.2-14.4.3 OWASP_ASVS:4.0.2-14.4.7 PCI_DSS:3.2-6.5 PCI_DSS:3.2-6.5.8
ISO:27001-A.10.1 ISO:27001-A.14.2.5 NIST:sp800_53-CM-6b NIST:sp800_53-SI-10(5)

Plugin Information

Published: 2017/03/31, Modified: 2024/03/25

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com/

OUTPUT

Page http://zero.webappsecurity.com/ has no X-Frame-Options header defined

REQUEST MADE

GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



98618 (1) - HTTP Header Information Disclosure

Synopsis

HTTP Header Information Disclosure

Description

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and technologies used by the web server.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
http://projects.webappsec.org/w/page/13246925/Fingerprinting

Solution

Modify the HTTP headers of the web server to not disclose detailed information about the underlying web
server.

Risk Factor
Low

CVSS v3.0 Base Score

3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVSS v2.0 Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:200 WASC:Information Leakage HIPAA:164.306(a)(1) HIPAA:164.306(a)(2) CAPEC:116
CAPEC:13 CAPEC:169 CAPEC:22 CAPEC:224 CAPEC:285 CAPEC:287 CAPEC:290 CAPEC:291
CAPEC:292 CAPEC:293 CAPEC:294 CAPEC:295 CAPEC:296 CAPEC:297 CAPEC:298 CAPEC:299
CAPEC:300 CAPEC:301 CAPEC:302 CAPEC:303 CAPEC:304 CAPEC:305 CAPEC:306 CAPEC:307
CAPEC:308 CAPEC:309 CAPEC:310 CAPEC:312 CAPEC:313 CAPEC:317 CAPEC:318 CAPEC:319
CAPEC:320 CAPEC:321 CAPEC:322 CAPEC:323 CAPEC:324 CAPEC:325 CAPEC:326 CAPEC:327
CAPEC:328 CAPEC:329 CAPEC:330 CAPEC:472 CAPEC:497 CAPEC:508 CAPEC:573 CAPEC:574
CAPEC:575 CAPEC:576 CAPEC:577 CAPEC:59 CAPEC:60 CAPEC:616 CAPEC:643 CAPEC:646
CAPEC:651 CAPEC:79 DISA_STIG:APSC-DV-000460 OWASP:2010-A6 OWASP:2013-A5
OWASP:2017-A6 OWASP:2021-A1 OWASP_API:2019-API7 OWASP_API:2023-API8
OWASP_ASVS:4.0.2-8.3.4 PCI_DSS:3.2-6.5.8 ISO:27001-A.14.2.5 NIST:sp800_53-SI-15

Plugin Information



Published: 2019/06/12, Modified: 2024/03/25

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com/

OUTPUT

The following header information disclosures have been detected on http://zero.webappsecurity.com/:

- Server: Apache-Coyote/1.1

REQUEST MADE

GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



112529 (1) - Missing 'X-Content-Type-Options' Header

Synopsis

Missing 'X-Content-Type-Options' Header

Description

The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a response away from the declared content-type.

The server did not return a correct 'X-Content-Type-Options' header, which means that this website could
be at risk of a Cross-Site Scripting (XSS) attack.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto

Solution

Configure your web server to include an 'X-Content-Type-Options' header with a value of 'nosniff'.
Risk Factor

Low

CVSS v3.0 Base Score

3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVSS v2.0 Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:693 WASC:Application Misconfiguration HIPAA:164.306(a)(1) HIPAA:164.306(a)(2)
CAPEC:1 CAPEC:107 CAPEC:127 CAPEC:17 CAPEC:20 CAPEC:22 CAPEC:237 CAPEC:36
CAPEC:477 CAPEC:480 CAPEC:51 CAPEC:57 CAPEC:59 CAPEC:65 CAPEC:74 CAPEC:87
OWASP:2010-A6 OWASP:2013-A5 OWASP:2017-A6 OWASP_API:2019-API7 OWASP_API:2023-API8
PCI_DSS:3.2-2.2 ISO:27001-A.14.2.5 NIST:sp800_53-CM-6b

Plugin Information

Published: 2018/11/28, Modified: 2024/03/25

Instances



http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com/

OUTPUT

The scanner detected the lack of a correct X-Content-Type-Options header configuration in the target
application response

REQUEST MADE

GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



112551 (1) - Missing Content Security Policy

Synopsis

Missing Content Security Policy

Description

Content Security Policy (CSP) is a web security standard that helps to mitigate attacks like cross-site scripting (XSS), clickjacking or mixed content issues. CSP provides mechanisms to websites to restrict content that browsers will be allowed to load.

No CSP header has been detected on this host. This URL is flagged as a specific example.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://developers.google.com/web/fundamentals/security/csp/
https://content-security-policy.com/
https://csp-evaluator.withgoogle.com/
Solution

Configure Content Security Policy on your website by adding a 'Content-Security-Policy' HTTP header or a meta tag with http-equiv='Content-Security-Policy'.

Risk Factor

Low

CVSS v3.0 Base Score

3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVSS v2.0 Base Score

2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:1021 WASC:Application Misconfiguration HIPAA:164.306(a)(1) HIPAA:164.306(a)(2)
CAPEC:103 CAPEC:181 CAPEC:222 CAPEC:504 CAPEC:506 CAPEC:654 DISA_STIG:APSC-DV-002560
OWASP:2010-A6 OWASP:2013-A5 OWASP:2017-A6 OWASP:2021-A4
OWASP_API:2019-API7 OWASP_API:2023-API8 OWASP_ASVS:4.0.2-14.4.3 PCI_DSS:3.2-6.5
ISO:27001-A.14.2.5 NIST:sp800_53-CM-6b



Plugin Information

Published: 2019/02/14, Modified: 2024/03/25

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com/

OUTPUT

http://zero.webappsecurity.com/ has no Content Security Policy defined.

REQUEST MADE

GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



98000 (1) - Scan Information

Synopsis

Scan Information

Description

Provides scan information and statistics of plugins run.

Risk Factor

None

Plugin Information

Published: 2017/03/31, Modified: 2023/11/17

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com

OUTPUT

Engine Version 2.21.2-1491
Plugins Version 202407290728
Scan ID 894d1a44-dbf1-4ccb-94e5-96684c30ca9f
Start Time 2024-07-31 04:45:31 +0000
Duration 00:07:18

Requests 56
Crawler Requests 2
Requests/s 19.2513
Mean Response Time 0.4211s

Bandwidth Usage
- Data to Target 14.9 KB
- Data from Target 110 KB

Timeouts Encountered
Network Timeouts 0
Browser Timeouts 0

Browser Respawns 0

HTTP Protocols Detected
- HTTP
- HTTPs

Authentication Identified
- None

Plugins
- 65 have been included per scan policy
- 94 have been started based on target information collected

List of plugins is available in 'plugins.csv' attachment.

Settings used to conduct this scan are available in 'configuration.csv' attachment.



98009 (1) - Web Application Sitemap

Synopsis

Web Application Sitemap

Description

Publishes the sitemap of the web application as seen by the scan.

The list of all URLs that have been detected during the scan are available as an attachment. For each URL in
the sitemap, the following information is provided:

- The first time the URL is detected
- The logic used to detect the URL. This information may be found by crawling, by rendering the page, or by a specific plugin
- The parent URL requested to detect the URL
- If the URL has been requested at least once, information about the response
- Whether or not the URL has been queued for audit
- If the URL has not been queued for audit, the reason why the URL does not need an audit
- Whether or not the URL has been effectively audited
- If the URL has not been effectively audited, the reason that the scanner was unable to audit the URL

Reasons for not adding a URL to the audit queue are as follows:

- not_in_domain: The domain of the URL does not match the main target URL
- scope_configuration: The URL does not match the scope include list scan settings
- directory_depth: The number of directories in the URL path exceeds the scan configuration setting
- exclude_file_extension: The URL file extension matched one entry of the file extension blacklist setting
- exclude_path_patterns: The URL matched one entry of the URL exclusion blacklist setting
- redundant_path: The number of URLs to be audited with the same path and query string parameters has been reached
- request_redirect_limit: The number of HTTP redirects allowed per scan configuration setting has been reached
- queue_full: The number of URLs to audit has been reached

If a scan fails to audit a URL that has been queued for audit, reasons for the failure are as follows:

- timeout: The request timed out when trying to retrieve URL contents
- filesize_exceeded: URL response exceeded the file size limit defined in the scan configuration
- scan_timelimit_reached: The URL couldn't be audited before the scan time limit
- user_abort: The user stopped the scan before the URL could be audited

Risk Factor

None

Plugin Information

Published: 2017/03/31, Modified: 2023/11/17

Instances

http://zero.webappsecurity.com (tcp/80)
URL



http://zero.webappsecurity.com

OUTPUT

The scan has discovered 2 distinct URLs.

The following is a breakdown of which URLs were audited:

- 1 effectively audited
- 1 not queued due to the URL not being in the target domain

Response times ranged between 0.294959s and 0.294959s.

You can access the complete list of URLs with the information collected by the scan as an attachment
to this plugin.



98059 (1) - Technologies Detected

Synopsis

Technologies Detected

Description

This is an informational plugin to inform the user what technologies the framework has detected on the target application, which can then be examined and checked for known vulnerable software versions.

Solution

Only use components that do not have known vulnerabilities, only use components that when combined do not introduce a security vulnerability, and ensure that a misconfiguration does not cause any vulnerabilities.

Risk Factor

None

Plugin Information

Published: 2017/12/06, Modified: 2023/11/17
Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com

OUTPUT

The framework has detected the following technologies in the target application:

- Apache Tomcat (version unknown)
- Bootstrap (version unknown)
- jQuery (v1.8.2)



98136 (1) - Target Information

Synopsis

Target Information

Description

Publishes the target information of the starting url as evaluated by the scan.

Risk Factor

None

Plugin Information

Published: 2017/07/27, Modified: 2024/04/26

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com

OUTPUT

Access to URL 'http://zero.webappsecurity.com' has been confirmed.

Target Information
------------------------

Domain Name : zero.webappsecurity.com
IP Address : 54.82.22.214

Response Information
---------------------------

Status Code : 200
Return Code : ok
Return Message: No error
Response Time : 0.971487s
Response Size : 12741 bytes
Content-Type : text/html;charset=UTF-8

REQUEST MADE

GET / HTTP/1.1

REQUEST HEADERS



Host: zero.webappsecurity.com
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: */*
Accept-Language: en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:36 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked



98138 (1) - Screenshot

Synopsis

Screenshot

Description

Screenshot of the target web page, see attached image. This screenshot should show you the target page we are launching the scan against. If the image is not of the intended target page, please check the provided url in the scan configuration.

Risk Factor

None

Plugin Information

Published: 2018/01/23, Modified: 2018/02/14

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com

OUTPUT

WAS Scanner has taken a screenshot of the page at url 'http://zero.webappsecurity.com' with
dimensions 1585x1200.

Please see the attachment for the screenshot image.




98154 (1) - External URLs

Synopsis

External URLs

Description

An external URL is a URL whose Fully Qualified Domain Name (FQDN) differs from that of the web target URL. The scanner detected the presence of external URLs on the target web application and has listed them based on two types: URLs with a domain name in common with the web target URL, and all other external URLs.

Risk Factor

None

Plugin Information

Published: 2022/11/30, Modified: 2022/12/12

Instances
http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com

OUTPUT

The scanner detected the presence of 28 URLs on the target application:

- 0 URLs which use a hostname related to the target hostname
- 28 URLs which use a third party hostname

The list of the detected URLs is provided in attachment.




98526 (1) - Missing Permissions Policy

Synopsis

Missing Permissions Policy

Description

Permissions Policy provides mechanisms to websites to restrict the use of browser features in its own frame and in iframes that it embeds.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/

Solution

Configure Permissions Policy on your website by adding a 'Permissions-Policy' HTTP header.

Risk Factor
None

Plugin Information

Published: 2019/03/27, Modified: 2024/03/25



Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com/

OUTPUT

No Permissions-Policy headers were found on http://zero.webappsecurity.com/

REQUEST MADE

GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



98527 (1) - Missing Referrer Policy

Synopsis

Missing Referrer Policy

Description

Referrer Policy provides mechanisms to websites to restrict referrer information (sent in the referer header) that browsers will be allowed to add.

No Referrer Policy header or metatag configuration has been detected.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Solution

Configure Referrer Policy on your website by adding a 'Referrer-Policy' HTTP header or a referrer meta tag in the HTML.

Risk Factor
None

Plugin Information

Published: 2019/04/02, Modified: 2024/03/25

Instances

http://zero.webappsecurity.com (tcp/80)

URL

http://zero.webappsecurity.com/

OUTPUT

No Referrer-Policy headers or body meta tags were found on http://zero.webappsecurity.com/

REQUEST MADE

GET /

REQUEST HEADERS



Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



98772 (1) - Fetch/XHR Detected

Synopsis

Fetch/XHR Detected

Description

The scan detected that the web application makes requests that appear to be using Fetch or XMLHttpRequests (XHRs) to communicate with a backend API server. Fetches/XHRs allow retrieval of data from an API without triggering a page reload, making them especially useful for Single Page Applications.

See Also

https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest

Risk Factor

None

Plugin Information
Published: 2019/11/14, Modified: 2023/11/17

Instances

http://zero.webappsecurity.com (tcp/80)
URL

http://zero.webappsecurity.com

OUTPUT

The scan detected 19 unique XMLHttpRequests. Here is the distribution of MIME types used by the
detected requests:

- 15 as "application/json"
- 2 as "application/x-javascript"
- 1 as "text/plain"
- 1 with no specified or detected MIME type

The scan detected 29 unique Fetch Requests. Here is the distribution of MIME types used by the
detected requests:

- 12 as "application/json"
- 2 as "application/x-javascript"
- 1 as "text/css"
- 1 as "image/svg+xml"
- 13 with no specified or detected MIME type



112526 (1) - Missing 'X-XSS-Protection' Header

Synopsis

Missing 'X-XSS-Protection' Header

Description

The HTTP 'X-XSS-Protection' response header is a feature of modern browsers that allows websites to control their XSS auditors.

The server is not configured to return an 'X-XSS-Protection' header, which means that any pages on this website could be at risk of a Cross-Site Scripting (XSS) attack. This URL is flagged as a specific example.

If legacy browser support is not needed, it is recommended to use Content-Security-Policy without
allowing unsafe-inline scripts instead.

See Also

https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xxxsp

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Solution

Configure your web server to include an 'X-XSS-Protection' header with a value of '1; mode=block' on all
pages.

Risk Factor

None

Plugin Information

Published: 2018/11/27, Modified: 2024/03/25

Instances

http://zero.webappsecurity.com (tcp/80)

URL

http://zero.webappsecurity.com/

OUTPUT

The scanner detected the lack of X-XSS-Protection header in the target application response.

REQUEST MADE



GET /

REQUEST HEADERS

Upgrade-Insecure-Requests=1
User-Agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0
Safari/537.36
Accept=*/*
Accept-Language=en-US,en;q=0.5

RESPONSE HEADERS

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 04:45:40 GMT
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: *
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked



112616 (1) - API Detected

Synopsis

API Detected

Description

The scan detected that some XHR requests seem to call an API. The scanner generated an OpenAPI file
based on the observed requests and attached it to the plugin output. This OpenAPI file can then be used to
run a scan against the API with WAS API Scanning.

Risk Factor

None

Plugin Information

Published: 2020/10/21, Modified: 2020/10/21

Instances

http://zero.webappsecurity.com (tcp/80)

URL

http://zero.webappsecurity.com

OUTPUT

API endpoints have been detected for the following host(s):


- https://c.go-mpulse.net
- https://cdn.cookielaw.org
- https://app.gatedcontent.com
- https://geolocation.onetrust.com
- https://bootstrap.driftapi.com
- https://metrics.api.drift.com
- https://event.api.drift.com
- https://targeting.api.drift.com
- https://cdn.weglot.com
- https://cdn-api-weglot.com
- https://analytics.google.com
- https://www.google-analytics.com



113393 (1) - Performance Telemetry

Synopsis

Performance Telemetry

Description

This finding provides information to assist in scan performance tuning.

Risk Factor

None

Plugin Information

Published: 2022/10/17, Modified: 2023/11/17

Instances

http://zero.webappsecurity.com (tcp/80)

URL

http://zero.webappsecurity.com

OUTPUT

Three attachments are included in this finding to assist in performance tuning of your scan:

- pages_telemetry.csv: Scan statistics organized by page
- plugins_telemetry.csv: Scan statistics organized by plugin
- time_telemetry.csv: Chronological scan statistics



172036 (1) - Web Application Scanner

Synopsis

Discovers vulnerabilities in Web applications.

Description

This plugin provides vulnerability detections in Web applications and Web site files.

See Also

http://www.nessus.org/u?db90e0fd

Risk Factor

None

Plugin Information

Published: 2023/08/07, Modified: 2024/07/17
Instances

http://zero.webappsecurity.com (tcp/80)

OUTPUT

Scan completed. Please see the attachments for more information.


