Alert Tag: OWASP_2021_A01

OWASP_2021_A01

All of the alerts which use this tag:
| ID | Alert | Status | Risk | Type |
|---|---|---|---|---|
| 0 | Directory Browsing | release | Medium | Active |
| 2 | Private IP Disclosure | release | Low | Passive |
| 3-1 | Session ID in URL Rewrite | release | Medium | Passive |
| 3-2 | Session ID in URL Rewrite | release | Medium | Passive |
| 3-3 | Referer Exposes Session ID | release | Medium | Passive |
| 6-1 | Path Traversal | release | High | Active |
| 6-2 | Path Traversal | release | High | Active |
| 6-3 | Path Traversal | release | High | Active |
| 6-4 | Path Traversal | release | High | Active |
| 6-5 | Path Traversal | release | High | Active |
| 10023 | Information Disclosure - Debug Error Messages | release | Low | Passive |
| 10024 | Information Disclosure - Sensitive Information in URL | release | Informational | Passive |
| 10025 | Information Disclosure - Sensitive Information in HTTP Referrer Header | release | Informational | Passive |
| 10027 | Information Disclosure - Suspicious Comments | release | Informational | Passive |
| 10037 | Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | release | Low | Passive |
| 10054-1 | Cookie without SameSite Attribute | release | Low | Passive |
| 10054-2 | Cookie with SameSite Attribute None | release | Low | Passive |
| 10054-3 | Cookie with Invalid SameSite Attribute | release | Low | Passive |
| 10056 | X-Debug-Token Information Leak | release | Low | Passive |
| 10057 | Username Hash Found | release | Informational | Passive |
| 10063-1 | Permissions Policy Header Not Set | beta | Low | Passive |
| 10063-2 | Deprecated Feature Policy Header Set | beta | Low | Passive |
| 10096 | Timestamp Disclosure - Unix | release | Low | Passive |
| 10098 | Cross-Domain Misconfiguration | release | Medium | Passive |
| 10101 | Access Control Issue - Improper Authentication | alpha | High | Tool |
| 10102 | Access Control Issue - Improper Authorization | alpha | High | Tool |
| 10105-1 | Authentication Credentials Captured | release | Medium | Passive |
| 10105-2 | Weak Authentication Method | release | Medium | Passive |
| 10202 | Absence of Anti-CSRF Tokens | release | Medium | Passive |
| 40013-1 | Session ID Transmitted Insecurely | beta | Medium | Active |
| 40013-2 | Session ID Cookie Accessible to JavaScript | beta | Low | Active |
| 40013-3 | Session ID Expiry Time/Max-Age is Excessive | beta | High | Active |
| 40013-4 | Session Fixation | beta | Informational | Active |
| 40013-5 | Exposed Session ID | beta | Medium | Active |
| 40013-6 | Session Fixation | beta | Medium | Active |
| 40038 | Bypassing 403 | beta | Medium | Active |
| 40040-1 | CORS Header | beta | Informational | Active |
| 40040-2 | CORS Misconfiguration | beta | Medium | Active |
| 40040-3 | CORS Misconfiguration | beta | High | Active |
| 40042 | Spring Actuator Information Leak | release | Medium | Active |
| 90005-1 | Sec-Fetch-Site Header is Missing | alpha | Informational | Passive |
| 90005-2 | Sec-Fetch-Mode Header is Missing | alpha | Informational | Passive |
| 90005-3 | Sec-Fetch-Dest Header is Missing | alpha | Informational | Passive |
| 90005-4 | Sec-Fetch-User Header is Missing | alpha | Informational | Passive |
| 90005-5 | Sec-Fetch-Site Header Has an Invalid Value | alpha | Informational | Passive |
| 90005-6 | Sec-Fetch-Mode Header Has an Invalid Value | alpha | Informational | Passive |
| 90005-7 | Sec-Fetch-Dest Header Has an Invalid Value | alpha | Informational | Passive |
| 90005-8 | Sec-Fetch-User Header Has an Invalid Value | alpha | Informational | Passive |
| 100025 | Cross-Site WebSocket Hijacking | alpha | High | Script Active |
| 100026 | JWT None Exploit | alpha | High | Script Active |
| 210002-1 | Open redirect via window.open | alpha | Low | Tool |
| 210002-2 | Open redirect via Navigation API | alpha | Low | Tool |
| 210004-1 | Route-controlled history.replaceState | alpha | Medium | Tool |
| 210004-2 | Route-controlled Navigation API transition | alpha | Medium | Tool |
| 210005-1 | Form action manipulated by tainted route or body input | alpha | Medium | Tool |
| 210005-2 | formAction manipulated by tainted route or body input | alpha | Medium | Tool |
| 220002-1 | Disallow direct navigation primitives | alpha | Medium | Tool |
| 220002-2 | Same-origin URL mutations | alpha | Medium | Tool |
| 220002-3 | DOM-based Open Redirection (taint flow) | alpha | Medium | Tool |