Alert Tag: OWASP_2017_A05
https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html
All of the alerts which use this tag:
| ID | Alert | Status | Risk | Type |
|---|---|---|---|---|
| 0 | Directory Browsing | release | Medium | Active |
| 6-1 | Path Traversal | release | High | Active |
| 6-2 | Path Traversal | release | High | Active |
| 6-3 | Path Traversal | release | High | Active |
| 6-4 | Path Traversal | release | High | Active |
| 6-5 | Path Traversal | release | High | Active |
| 10054-1 | Cookie without SameSite Attribute | release | Low | Passive |
| 10054-2 | Cookie with SameSite Attribute None | release | Low | Passive |
| 10054-3 | Cookie with Invalid SameSite Attribute | release | Low | Passive |
| 10057 | Username Hash Found | release | Informational | Passive |
| 10063-1 | Permissions Policy Header Not Set | beta | Low | Passive |
| 10063-2 | Deprecated Feature Policy Header Set | beta | Low | Passive |
| 10098 | Cross-Domain Misconfiguration | release | Medium | Passive |
| 10101 | Access Control Issue - Improper Authentication | alpha | High | Tool |
| 10102 | Access Control Issue - Improper Authorization | alpha | High | Tool |
| 10202 | Absence of Anti-CSRF Tokens | release | Medium | Passive |
| 40013-1 | Session ID Transmitted Insecurely | beta | Medium | Active |
| 40013-2 | Session ID Cookie Accessible to JavaScript | beta | Low | Active |
| 40013-3 | Session ID Expiry Time/Max-Age is Excessive | beta | High | Active |
| 40013-4 | Session Fixation | beta | Informational | Active |
| 40013-5 | Exposed Session ID | beta | Medium | Active |
| 40013-6 | Session Fixation | beta | Medium | Active |
| 40038 | Bypassing 403 | beta | Medium | Active |
| 40040-1 | CORS Header | beta | Informational | Active |
| 40040-2 | CORS Misconfiguration | beta | Medium | Active |
| 40040-3 | CORS Misconfiguration | beta | High | Active |
| 40042 | Spring Actuator Information Leak | release | Medium | Active |
| 90005-1 | Sec-Fetch-Site Header is Missing | alpha | Informational | Passive |
| 90005-2 | Sec-Fetch-Mode Header is Missing | alpha | Informational | Passive |
| 90005-3 | Sec-Fetch-Dest Header is Missing | alpha | Informational | Passive |
| 90005-4 | Sec-Fetch-User Header is Missing | alpha | Informational | Passive |
| 90005-5 | Sec-Fetch-Site Header Has an Invalid Value | alpha | Informational | Passive |
| 90005-6 | Sec-Fetch-Mode Header Has an Invalid Value | alpha | Informational | Passive |
| 90005-7 | Sec-Fetch-Dest Header Has an Invalid Value | alpha | Informational | Passive |
| 90005-8 | Sec-Fetch-User Header Has an Invalid Value | alpha | Informational | Passive |
| 100025 | Cross-Site WebSocket Hijacking | alpha | High | Script Active |