diff --git a/.github/scripts/git_protect.py b/.github/scripts/git_protect.py
new file mode 100644
index 00000000000..83b3d88da2b
--- /dev/null
+++ b/.github/scripts/git_protect.py
@@ -0,0 +1,103 @@
+import argparse
+import logging
+import re
+import subprocess
+from pathlib import Path
+
+log = logging.getLogger(__name__)
+
+
+def gitignore_to_regex(pattern) -> str:
+ # Replace .gitignore-style patterns with regex equivalents
+ pattern = pattern.replace("*", ".*") # * -> .*
+ pattern = pattern.replace("?", ".") # ? -> .
+ pattern = pattern.replace("[!", "[^") # [!abc] -> [^abc]
+
+ # If the pattern ends with '/', it matches directories
+ if pattern.endswith("/"):
+ pattern = f"{pattern}.*"
+
+ return rf"^{pattern}"
+
+
+def get_protected_files(file_name: str) -> list[str]:
+ # Check to see if the .gitprotect file exists
+ config_path = Path(file_name)
+ if not config_path.exists():
+ log.error(f"ERROR: Could not find .gitprotect at {config_path.absolute()}")
+ exit(1)
+
+ # Open the file and read in file paths
+ with open(file_name, "r") as file:
+ return [gitignore_to_regex(line.strip()) for line in file]
+
+
+def get_changed_files(base_ref: str, head_ref: str) -> list[str]:
+ result = subprocess.run(
+ [
+ "git",
+ "diff",
+ "--name-only",
+ base_ref,
+ head_ref,
+ ],
+ capture_output=True,
+ text=True,
+ )
+ return result.stdout.splitlines()
+
+
+def check_changes_against_protect_list(
+ changed_files: list[str], protected_files: list[str], comment_only: bool
+):
+ violations = set()
+
+ # If any modified file is one in the protect list, add the files to the violations list
+ for protected_file in protected_files:
+ pattern = re.compile(protected_file)
+ files_with_pattern = [f for f in changed_files if pattern.search(f)]
+ violations.update(files_with_pattern)
+
+ violations_list = "\n".join(violations)
+ if violations:
+ log.error(
+ f"The following files are protected and cannot be modified:\n{violations_list}"
+ )
+ if comment_only:
+ exit_code = 0
+ else:
+ exit_code = 1
+ exit(exit_code)
+ else:
+ log.debug("No changes to protected files were detected.")
+
+
+def main(args):
+ changed_files = get_changed_files(
+ args.base_ref,
+ args.head_ref,
+ )
+ protected_files = get_protected_files(".gitprotect")
+ check_changes_against_protect_list(
+ protected_files=protected_files,
+ changed_files=changed_files,
+ comment_only=args.comment_only
+ )
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(
+ description="A utility function to check if protected files have been modified."
+ )
+ parser.add_argument(
+ "base_ref", help="The git SHA for the most recent merged commit."
+ )
+ parser.add_argument("head_ref", help="The git SHA for the incoming commit")
+ parser.add_argument(
+ "--comment-only",
+ action="store_true",
+ help="Sets git-protect to not exit with an error code",
+ )
+
+ args = parser.parse_args()
+ main(args)
diff --git a/.github/workflows/cancel-outdated-workflow-runs.yml b/.github/workflows/cancel-outdated-workflow-runs.yml
index 205e6ef68c8..7d8dbcfa377 100644
--- a/.github/workflows/cancel-outdated-workflow-runs.yml
+++ b/.github/workflows/cancel-outdated-workflow-runs.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 3
 steps:
- - uses: styfle/cancel-workflow-action@0.11.0
+ - uses: styfle/cancel-workflow-action@0.12.0
 with:
 workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml'
 access_token: ${{ github.token }}
diff --git a/.github/workflows/check-protected-files.yml b/.github/workflows/check-protected-files.yml
new file mode 100644
index 00000000000..2c4a530611b
--- /dev/null
+++ b/.github/workflows/check-protected-files.yml
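Review bot: `get_protected_files` turns every line of `.gitprotect` into a pattern, and the `.gitprotect` added later in this diff contains blank separator lines; `gitignore_to_regex("")` returns `^`, which matches every path, so each changed file would be reported as a violation on every PR. Skip empty and comment lines when reading the file, e.g. `return [gitignore_to_regex(line.strip()) for line in file if line.strip() and not line.lstrip().startswith("#")]`. Relatedly, `get_changed_files` ignores the exit status of `git diff`: a bad ref or an incomplete clone leaves `stdout` empty and the check silently passes, so pass `check=True` to `subprocess.run`. `gitignore_to_regex` also leaves regex metacharacters in the literal parts of a pattern unescaped (the `.` in `dojo/apps.py` matches any character), which is worth a `re.escape` pass before the glob substitutions.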
@@ -0,0 +1,45 @@
+name: Check For Modifications to Protected Files
+
+on:
+ pull_request_target:
+
+jobs:
+ check-if-protected-files-are-modified:
+ permissions: write-all
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Check for file changes using git-protect
+ run: |
+ python .github/scripts/git_protect.py ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --comment-only &> output.txt
+
+ - name: Post a comment back to the PR if protected files have changed
+ if: ${{ always() }}
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const fs = require('fs');
+
+ fs.readFile('output.txt', 'utf8', (err, data) => {
+ if (err) {
+ console.error('Error reading the file:', err);
+ return;
+ }
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: data
+ })
+ });
\ No newline at end of file
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 9d44410ca22..369ee52f40d 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -21,7 +21,7 @@ jobs:
 extended: true
 - name: Setup Node
- uses: actions/setup-node@v3
+ uses: actions/setup-node@v4
 with:
 node-version: '16.x'
diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml
index b16d79baa8d..c6016c03984 100644
--- a/.github/workflows/plantuml.yml
+++ b/.github/workflows/plantuml.yml
@@ -33,7 +33,7 @@ jobs:
 with:
 args: -v -tpng ${{ steps.getfile.outputs.files }}
 - name: Push Local Changes
- uses: stefanzweifel/git-auto-commit-action@v4.16.0
+ uses: stefanzweifel/git-auto-commit-action@v5.0.0
 with:
 commit_user_name: "PlantUML_bot"
 commit_user_email: "noreply@defectdojo.org"
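Review bot: The job runs on `pull_request_target` with `permissions: write-all`, yet it checks out `github.event.pull_request.head.sha` and then executes `.github/scripts/git_protect.py` from that checkout, so the copy of the script that runs with the base repository's write token is the one supplied by the PR rather than the trusted one. Run the script from the base ref (check out the base and fetch the head SHA only for `git diff`, or check out the script's path from `github.event.pull_request.base.sha`) and narrow the grant to `permissions: { pull-requests: write }`, which is all `createComment` needs. The comment step also runs `createComment` unconditionally under `if: always()`, so a run with no violations posts an empty comment (or fails on the API's body validation) — guard on `data.trim()` being non-empty before calling it. The `actions/checkout@v2` and `actions/setup-python@v2` majors are also older than the `v4` bumps made elsewhere in this commit.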
diff --git a/.github/workflows/release-1-create-pr.yml b/.github/workflows/release-1-create-pr.yml index f3e1d0c278f..70964a047db 100644 --- a/.github/workflows/release-1-create-pr.yml +++ b/.github/workflows/release-1-create-pr.yml @@ -75,7 +75,7 @@ jobs: grep -H version helm/defectdojo/Chart.yaml - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v4.16.0 + uses: stefanzweifel/git-auto-commit-action@v5.0.0 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml index 4d5cebcdac8..2b1a153f1bb 100644 --- a/.github/workflows/release-3-master-into-dev.yml +++ b/.github/workflows/release-3-master-into-dev.yml @@ -57,7 +57,7 @@ jobs: grep version components/package.json - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v4.16.0 + uses: stefanzweifel/git-auto-commit-action@v5.0.0 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" @@ -123,7 +123,7 @@ jobs: grep version components/package.json - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v4.16.0 + uses: stefanzweifel/git-auto-commit-action@v5.0.0 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 786d895516b..154cfb74a29 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -19,7 +19,7 @@ jobs: update_release_draft: runs-on: ubuntu-latest steps: - - uses: release-drafter/release-drafter@v5.24.0 + - uses: release-drafter/release-drafter@v5.25.0 with: version: ${{github.event.inputs.version}} env: diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 3f4dc4d10b1..170e7c89b1a 100644 --- a/.github/workflows/test-helm-chart.yml 
+++ b/.github/workflows/test-helm-chart.yml @@ -35,7 +35,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Set up chart-testing - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@v2.6.1 - name: Determine target branch id: ct-branch-target diff --git a/.gitprotect b/.gitprotect new file mode 100644 index 00000000000..dd27cff2dd6 --- /dev/null +++ b/.gitprotect @@ -0,0 +1,54 @@ +dojo/announcement/ +dojo/api_v2/ +dojo/authorization/ +dojo/db_migrations/ +dojo/endpoint/ +dojo/engagement/ +dojo/finding/ +dojo/finding_group/ +dojo/group/ +dojo/importers/ +dojo/jira_link/ +dojo/metrics/ +dojo/note_type/ +dojo/notes/ +dojo/product/ +dojo/product_type/ +dojo/reports/ +dojo/risk_acceptance/ +dojo/rules/ +dojo/search/ +dojo/templates/ +dojo/templatetags/ +dojo/test/ +dojo/tool_config/ +dojo/tool_product/ +dojo/tool_type/ +dojo/user/ + +dojo/apps.py +dojo/celery.py +dojo/context_processors.py +dojo/decorators.py +dojo/filters.py +dojo/forms.py +dojo/middleware.py +dojo/models.py +dojo/okta.py +dojo/pipeline.py +dojo/remote_user.py +dojo/tasks.py +dojo/urls.py +dojo/utils.py +dojo/views.py +dojo/wsgi.py + + +docker/environments/ +docker/extra_settings/ +docker/entrypoint-celery-beat.sh +docker/entrypoint-celery-worker.sh +docker/entrypoint-initializer.sh +docker/entrypoint-nginx.sh +docker/entrypoint-uwsgi.sh +docker/wait-for-it.sh \ No newline at end of file diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 69e6a47bc72..dd4493877d1 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine @@ -140,7 +140,7 @@ COPY manage.py ./ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.25.2-alpine@sha256:16164a43b5faec40adb521e98272edc528e74f31c1352719132b8f7e53418d70 +FROM nginx:1.25.3-alpine@sha256:db353d0f0c479c91bd15e01fc68ed0f33d9c4c52f3415e63332c3d0bf7a4bb77 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ 
diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian index 16e1f67d989..6b13d97df7b 100644 --- a/Dockerfile.nginx-debian +++ b/Dockerfile.nginx-debian @@ -75,7 +75,7 @@ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.25.2-alpine@sha256:16164a43b5faec40adb521e98272edc528e74f31c1352719132b8f7e53418d70 +FROM nginx:1.25.3-alpine@sha256:db353d0f0c479c91bd15e01fc68ed0f33d9c4c52f3415e63332c3d0bf7a4bb77 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/README.md b/README.md index bb6eb828881..3eb26774ce6 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,10 @@ Try out the demo server at [demo.defectdojo.org](https://demo.defectdojo.org) Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible and regularly reset. Do not put sensitive data in the demo. -## Quick Start +## Quick Start for Compose V2 +From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/). + +Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using `docker compose`, instead of `docker-compose`. ```sh git clone https://github.com/DefectDojo/django-DefectDojo 
@@ -52,9 +55,23 @@ cd django-DefectDojo ./dc-up.sh postgres-redis # obtain admin credentials. the initializer can take up to 3 minutes to run # use docker-compose logs -f initializer to track progress -docker-compose logs initializer | grep "Admin password:" +docker compose logs initializer | grep "Admin password:" +``` +## For Docker Compose V1 +You can run Compose V1 by editing the below files to add the hyphen (-) between `docker compose`. +```sh + dc-build.sh + dc-down.sh + dc-stop.sh + dc-unittest.sh + dc-up-d.sh + dc-up.sh + docker/docker-compose-check.sh + docker/entrypoint-initializer.sh + docker/setEnv.sh ``` + Navigate to . diff --git a/components/package.json b/components/package.json index c569e2e364b..a0424b30dcd 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.27.4", + "version": "2.28.0", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dc-build.sh b/dc-build.sh index 365b620fc4d..8793ee97463 100755 --- a/dc-build.sh +++ b/dc-build.sh @@ -12,4 +12,6 @@ fi # Building images for all configurations # The docker build doesn't supply any environment variables to the Dockerfile, so we can use any profile. -docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build $1 + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build $1 diff --git a/dc-down.sh b/dc-down.sh index 1f096bad0df..13dd5006364 100755 --- a/dc-down.sh +++ b/dc-down.sh 
@@ -12,4 +12,6 @@ fi # Stopping containers for all configurations # The environment must be provided but it doesn't make a difference which one -docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down $1 + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down $1 diff --git a/dc-stop.sh b/dc-stop.sh index 2b4648ab36a..c1bbdd5b61e 100755 --- a/dc-stop.sh +++ b/dc-stop.sh @@ -12,4 +12,6 @@ fi # Stopping containers for all configurations # The environment must be provided but it doesn't make a difference which one -docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop $1 + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop $1 diff --git a/dc-unittest.sh b/dc-unittest.sh index 38762730d3e..0a566e9f760 100755 --- a/dc-unittest.sh +++ b/dc-unittest.sh 
@@ -73,4 +73,6 @@ then fi echo "Running docker compose unit tests with profile $PROFILE and test case $TEST_CASE ..." -docker-compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb" + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb" diff --git a/dc-up-d.sh b/dc-up-d.sh index 4e1816cd1cb..2ad26c12c01 100755 --- a/dc-up-d.sh +++ b/dc-up-d.sh @@ -27,4 +27,6 @@ else fi echo "Starting docker compose with profile $PROFILE in the background ..." -docker-compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env up --no-deps -d + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env up --no-deps -d diff --git a/dc-up.sh b/dc-up.sh index 9a2c8a14296..2b07d9addb3 100755 --- a/dc-up.sh +++ b/dc-up.sh @@ -26,4 +26,6 @@ else fi echo "Starting docker compose with profile $PROFILE in the foreground ..." -docker-compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env up --no-deps + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env up --no-deps 
diff --git a/docker-compose.yml b/docker-compose.yml index ebc59d2a842..80566497316 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -125,7 +125,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings mysql: - image: mysql:5.7.43@sha256:2c23f254c6b9444ecda9ba36051a9800e8934a2f5828ecc8730531db8142af83 + image: mysql:5.7.44@sha256:880063e8acda81825f0b946eff47c45235840480da03e71a22113ebafe166a3d profiles: - mysql-rabbitmq - mysql-redis @@ -138,7 +138,7 @@ services: volumes: - defectdojo_data:/var/lib/mysql postgres: - image: postgres:16.0-alpine@sha256:2ccd6655060d7b06c71f86094e8c7a28bdcc8a80b43baca4b1dabb29cff138a2 + image: postgres:16.0-alpine@sha256:acf5271bbecd4b8733f4e93959a8d2b536a57aeee6cc4b6a71890aaf646425b8 profiles: - postgres-rabbitmq - postgres-redis @@ -149,14 +149,14 @@ services: volumes: - defectdojo_postgres:/var/lib/postgresql/data rabbitmq: - image: rabbitmq:3.12.6-alpine@sha256:a21880dc5e2b4581c0dd762337c7112475a2d8daba697e1c6192923ebad91739 + image: rabbitmq:3.12.8-alpine@sha256:f1a169ec5763caccdd05c35499c1441a7eacf0c8f442618ca15df4c2da96a735 profiles: - mysql-rabbitmq - postgres-rabbitmq volumes: - defectdojo_rabbitmq:/var/lib/rabbitmq redis: - image: redis:7.2.1-alpine@sha256:9150d86fe2a9d03bbdb15bb9758fa5e3d24632386af8f6eb4d675ee4c976f499 + image: redis:7.2.3-alpine@sha256:5482672695b73780afeddb2ee84d58f393f16f34718d76b246c76afe27465d4c profiles: - mysql-redis - postgres-redis diff --git a/docker/docker-compose-check.sh b/docker/docker-compose-check.sh index 2d86ce76d2c..6f705ffcab2 100755 --- a/docker/docker-compose-check.sh +++ b/docker/docker-compose-check.sh 
@@ -1,12 +1,12 @@
 #!/bin/bash
-main=`docker-compose version --short | cut -d '.' -f 1`
-minor=`docker-compose version --short | cut -d '.' -f 2`
-current=`docker-compose version --short`
+main=`docker compose version --short | cut -d '.' -f 1`
+minor=`docker compose version --short | cut -d '.' -f 2`
+current=`docker compose version --short`
-echo 'Checking docker-compose version'
-if [[ $main -lt 1 ]]; then
- echo "$current is not supported docker-compose version, please upgrade to minimal supported version:1.28"
+echo 'Checking docker compose version'
+if [[ $main -lt 2 ]]; then
+ echo "$current is not a supported docker-compose version, please upgrade to the minimum supported version: 2.0"
 exit 1
 elif [[ $main -eq 1 ]]; then
 if [[ $minor -lt 28 ]]; then
@@ -15,4 +15,4 @@ elif [[ $main -eq 1 ]]; then
 fi
 fi
-echo 'Supported docker-compose version'
\ No newline at end of file
+echo 'Supported docker compose version'
\ No newline at end of file
diff --git a/docker/entrypoint-initializer.sh b/docker/entrypoint-initializer.sh
index 19738bcd31b..2a59c12235b 100755
--- a/docker/entrypoint-initializer.sh
+++ b/docker/entrypoint-initializer.sh
@@ -78,7 +78,7 @@ if [ ! -z "$ADMIN_EXISTS" ]
 then
 echo "Admin password: Initialization detected that the admin user ${DD_ADMIN_USER} already exists in your database."
 echo "If you don't remember the ${DD_ADMIN_USER} password, you can create a new superuser with:"
- echo "$ docker-compose exec uwsgi /bin/bash -c 'python manage.py createsuperuser'"
+ echo "$ docker compose exec uwsgi /bin/bash -c 'python manage.py createsuperuser'"
 create_announcement_banner
 initialize_data
 exit
diff --git a/docker/setEnv.sh b/docker/setEnv.sh
index c6f998cdcb2..f7d7316f7e6 100755
--- a/docker/setEnv.sh
+++ b/docker/setEnv.sh
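Review bot: With the new `if [[ $main -lt 2 ]]` guard the `elif [[ $main -eq 1 ]]` branch can never be reached, because a major of 1 has already exited, so the 1.28 minor-version check that follows (its body continues in the second hunk) is dead code and should be removed along with its message. When the compose plugin is absent, `docker compose version --short` prints nothing to stdout, `$main` is empty and `[[ "" -lt 2 ]]` is true, so the user sees "` is not a supported docker-compose version`" with a blank version; test for that first, e.g. `if [[ -z "$current" ]]; then echo 'docker compose plugin not found'; exit 1; fi`. The new error text also still says "docker-compose" while the surrounding messages were changed to "docker compose".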
@@ -53,7 +53,7 @@ function set_release { get_current if [ "${current_env}" != release ] then - docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down # In release configuration there is no override file rm ${override_link} echo "Now using 'release' configuration." @@ -67,7 +67,7 @@ function set_dev { get_current if [ "${current_env}" != dev ] then - docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_dev} ${override_link} echo "Now using 'dev' configuration." @@ -80,7 +80,7 @@ function set_debug { get_current if [ "${current_env}" != debug ] then - docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_debug} ${override_link} echo "Now using 'debug' configuration." @@ -93,7 +93,7 @@ function set_unit_tests { get_current if [ "${current_env}" != unit_tests ] then - docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_unit_tests} ${override_link} echo "Now using 'unit_tests' configuration." 
@@ -106,7 +106,7 @@ function set_unit_tests_cicd { get_current if [ "${current_env}" != unit_tests_cicd ] then - docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_unit_tests_cicd} ${override_link} echo "Now using 'unit_tests_cicd' configuration." @@ -119,7 +119,7 @@ function set_integration_tests { get_current if [ "${current_env}" != integration_tests ] then - docker-compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_integration_tests} ${override_link} echo "Now using 'integration_tests' configuration." diff --git a/docs/content/en/integrations/parsers/file/hcl_appscan.md b/docs/content/en/integrations/parsers/file/hcl_appscan.md new file mode 100644 index 00000000000..ef2f68c5999 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/hcl_appscan.md @@ -0,0 +1,5 @@ +--- +title: "HCL Appscan" +toc_hide: true +--- +The HCL Appscan has the possibiilty to export the results in PDF, XML and CSV formats within the portal. However, this parser only supports the import of XML generated from HCL Appscan on cloud. diff --git a/docs/content/en/integrations/parsers/file/openvas_xml.md b/docs/content/en/integrations/parsers/file/openvas_xml.md new file mode 100644 index 00000000000..c361a1c44b0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/openvas_xml.md @@ -0,0 +1,5 @@ +--- +title: "OpenVAS XML" +toc_hide: true +--- +Import Greenbone OpenVAS Scan in XML format. Export as XML Results on OpenVAS. 
diff --git a/docs/content/en/integrations/parsers/file/rusty_hog.md b/docs/content/en/integrations/parsers/file/rusty_hog.md index 428e21fd9fb..ee10c565e8f 100644 --- a/docs/content/en/integrations/parsers/file/rusty_hog.md +++ b/docs/content/en/integrations/parsers/file/rusty_hog.md @@ -10,3 +10,6 @@ DefectDojo currently supports the parsing of the following Rusty Hog JSON output - Duroc Hog: Scans for secrets in directories, files, and archives. - Gottingen Hog: Scans for secrets in a JIRA issue. - Essex Hog: Scans for secrets in a Confluence page. + +RustyHog scans only one target at a time. This is not efficient if you want to scan all targets (e.g. all JIRA tickets) and upload each single report to DefectDojo. +[Rusty-Hog-Wrapper](https://github.com/manuel-sommer/Rusty-Hog-Wrapper) deals with this and scans a whole JIRA Project or Confluence Space, merges the findings into a valid file which can be uploaded to DefectDojo. (This is no official recommendation from DefectDojo, but rather a pointer in a direction on how to use this vulnerability scanner in a more efficient way.) \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ssh_audit.md b/docs/content/en/integrations/parsers/file/ssh_audit.md new file mode 100644 index 00000000000..e5877f79380 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ssh_audit.md @@ -0,0 +1,5 @@ +--- +title: "SSH Audit" +toc_hide: true +--- +Import JSON output of ssh_audit report. See \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/sysdig_reports.md b/docs/content/en/integrations/parsers/file/sysdig_reports.md new file mode 100644 index 00000000000..39037ad8068 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sysdig_reports.md 
@@ -0,0 +1,8 @@ +--- +title: "Sysdig Vulnerability Reports" +toc_hide: true +--- +Import CSV report files from Sysdig. +Parser will accept Pipeline, Registry and Runtime reports created from the UI + +More information available at [our reporting docs page](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/reporting) \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/threagile.md b/docs/content/en/integrations/parsers/file/threagile.md new file mode 100644 index 00000000000..2e7229b2cc9 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/threagile.md 
@@ -0,0 +1,88 @@ +--- +title: "Threagile" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json file. +JSON reports are created from the Threagile tool (default name `risks.json`) using the following command: + +```shell +docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -verbose -model /app/work/threagile.yaml -output /app/work +``` + + +### Acceptable JSON Format +Parser expects an array of finding. All properties are strings. Required fields are the following +- "category" +- "title" +- "severity" +- "synthetic_id" +- "exploitation_impact" + +`catergory` fields is used to set both the title of the Finding as well as the cwe. +`most_relevant_technical_asset` field is used to determine the component. +~~~ + +[ + { + "category": "unguarded-direct-datastore-access", + "risk_status": "unchecked", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eEnergon\u003c/b\u003e via \u003cb\u003eEnergonToPolicyRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@energon-ta\u003eenergontopolicyregofilestorage@energon-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "energon-ta\u003eenergontopolicyregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "in-discussion", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by 
\u003cb\u003eIAMSidecar\u003c/b\u003e via \u003cb\u003eIAMBachendAPIPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage@iam-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "accepted", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIDMSidecar\u003c/b\u003e via \u003cb\u003eIAMSidecarPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage@idm-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + ... +] + +~~~ + +### Sample Scan Data +You can run a sample model and download some sample risk data from [here](https://run.threagile.io/) \ No newline at end of file diff --git a/dojo/__init__.py b/dojo/__init__.py index fa0ddf6c0a1..aeccab61905 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py 
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -__version__ = '2.27.4' +__version__ = '2.28.0' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/dojo/db_migrations/0191_alter_notifications_risk_acceptance_expiration.py b/dojo/db_migrations/0191_alter_notifications_risk_acceptance_expiration.py new file mode 100644 index 00000000000..f7526915166 --- /dev/null +++ b/dojo/db_migrations/0191_alter_notifications_risk_acceptance_expiration.py @@ -0,0 +1,19 @@ +# Generated by Django 4.1.11 on 2023-10-22 20:50 + +from django.db import migrations +import multiselectfield.db.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0190_system_settings_experimental_fp_history'), + ] + + operations = [ + migrations.AlterField( + model_name='notifications', + name='risk_acceptance_expiration', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), help_text='Get notified of (upcoming) Risk Acceptance expiries', max_length=24, verbose_name='Risk Acceptance Expiration'), + ), + ] diff --git a/dojo/engagement/urls.py b/dojo/engagement/urls.py index cbe672736db..7f127433efd 100644 --- a/dojo/engagement/urls.py +++ b/dojo/engagement/urls.py @@ -23,7 +23,7 @@ re_path(r'^engagement/(?P\d+)/add_tests$', views.add_tests, name='add_tests'), re_path(r'^engagement/(?P\d+)/import_scan_results$', - views.import_scan_results, name='import_scan_results'), + views.ImportScanResultsView.as_view(), name='import_scan_results'), re_path(r'^engagement/(?P\d+)/close$', views.close_eng, name='close_engagement'), re_path(r'^engagement/(?P\d+)/reopen$', views.reopen_eng, diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py index e4d56c44146..635248f0f2e 100644 --- a/dojo/engagement/views.py 
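Review bot: The route now targets `views.ImportScanResultsView.as_view()`, but the removed function view handled `pid` as well as `eid`, which suggests a product-level URL outside this diff still references `views.import_scan_results`; if that module is not updated in the same change, URL loading fails at startup with an AttributeError. Worth confirming every `import_scan_results` reference is migrated, and that any decorator-based protection the function view relied on (the removed comment in `views.py` mentions not being able to use "the easy decorator") is still applied to the class-based view, since `View.as_view()` adds none on its own.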
+++ b/dojo/engagement/views.py @@ -1,6 +1,7 @@ import logging import csv import re +from django.views import View from openpyxl import Workbook from openpyxl.styles import Font from tempfile import NamedTemporaryFile 
@@ -573,31 +574,77 @@ def add_tests(request, eid): }) -# Cant use the easy decorator because of the potential for either eid/pid being used -def import_scan_results(request, eid=None, pid=None): - environment = Development_Environment.objects.filter(name='Development').first() # If 'Development' was removed, None is used - engagement = None - form = ImportScanForm(initial={'environment': environment}) - cred_form = CredMappingForm() - finding_count = 0 - jform = None - user = request.user - - if eid: - engagement = get_object_or_404(Engagement, id=eid) - engagement_or_product = engagement - cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') - elif pid: - product = get_object_or_404(Product, id=pid) - engagement_or_product = product - else: - raise Exception('Either Engagement or Product has to be provided') +class ImportScanResultsView(View): + def get(self, request, eid=None, pid=None): + environment = Development_Environment.objects.filter(name='Development').first() + engagement = None + form = ImportScanForm(initial={'environment': environment}) + cred_form = CredMappingForm() + jform = None + user = request.user + + if eid: + engagement = get_object_or_404(Engagement, id=eid) + engagement_or_product = engagement + cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') + elif pid: + product = get_object_or_404(Product, id=pid) + engagement_or_product = product + else: + raise Exception('Either Engagement or Product has to be provided') + + user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) + + push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) + custom_breadcrumb = None + title = "Import Scan Results" + if engagement: + product_tab = Product_Tab(engagement.product, title=title, tab="engagements") + product_tab.setEngagement(engagement) + else: + custom_breadcrumb = {"", ""} + 
product_tab = Product_Tab(product, title=title, tab="findings") + + if jira_helper.get_jira_project(engagement_or_product): + jform = JIRAImportScanForm(push_all=push_all_jira_issues, prefix='jiraform') + + form.fields['endpoints'].queryset = Endpoint.objects.filter(product__id=product_tab.product.id) + form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id) + + return render(request, + 'dojo/import_scan_results.html', + {'form': form, + 'product_tab': product_tab, + 'engagement_or_product': engagement_or_product, + 'custom_breadcrumb': custom_breadcrumb, + 'title': title, + 'cred_form': cred_form, + 'jform': jform, + 'scan_types': get_scan_types_sorted(), + }) - user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) + def post(self, request, eid=None, pid=None): + environment = Development_Environment.objects.filter(name='Development').first() # If 'Development' was removed, None is used + engagement = None + form = ImportScanForm(initial={'environment': environment}) + cred_form = CredMappingForm() + finding_count = 0 + jform = None + user = request.user + + if eid: + engagement = get_object_or_404(Engagement, id=eid) + engagement_or_product = engagement + cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') + elif pid: + product = get_object_or_404(Product, id=pid) + engagement_or_product = product + else: + raise Exception('Either Engagement or Product has to be provided') - push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) + user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) - if request.method == "POST": + push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) form = ImportScanForm(request.POST, request.FILES) cred_form = CredMappingForm(request.POST) cred_form.fields["cred_user"].queryset = 
Cred_Mapping.objects.filter( @@ -722,32 +769,7 @@ def import_scan_results(request, eid=None, pid=None): return HttpResponseRedirect( reverse('view_test', args=(test.id, ))) - prod_id = None - custom_breadcrumb = None - title = "Import Scan Results" - if engagement: - product_tab = Product_Tab(engagement.product, title=title, tab="engagements") - product_tab.setEngagement(engagement) - else: - custom_breadcrumb = {"", ""} - product_tab = Product_Tab(product, title=title, tab="findings") - - if jira_helper.get_jira_project(engagement_or_product): - jform = JIRAImportScanForm(push_all=push_all_jira_issues, prefix='jiraform') - - form.fields['endpoints'].queryset = Endpoint.objects.filter(product__id=product_tab.product.id) - form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id) - return render(request, - 'dojo/import_scan_results.html', - {'form': form, - 'product_tab': product_tab, - 'engagement_or_product': engagement_or_product, - 'custom_breadcrumb': custom_breadcrumb, - 'title': title, - 'cred_form': cred_form, - 'jform': jform, - 'scan_types': get_scan_types_sorted(), - }) + return HttpResponseRedirect(reverse('view_test', args=(test.id, ))) @user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') diff --git a/dojo/models.py b/dojo/models.py index b5d86e5671f..64de43ffc5b 100755 --- a/dojo/models.py +++ b/dojo/models.py 
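Review bot: `post()` now ends with an unconditional `return HttpResponseRedirect(reverse('view_test', args=(test.id, )))`, while the lines removed in the second hunk were the fallback that re-rendered the form with its validation errors; unless the form-invalid path in the part of `post()` outside these hunks returns on its own, `test` is presumably unbound there and the user gets an exception instead of the error messages — worth confirming. The eid/pid resolution and the `user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result)` call are duplicated verbatim between `get()` and `post()`; a private helper returning `(engagement, engagement_or_product, cred_form)` keeps the authorization check in one place so the two handlers cannot drift apart. `raise Exception('Either Engagement or Product has to be provided')` surfaces as a 500; since the URL patterns always supply one id, `raise Http404(...)` (or a `ValueError`) states the contract more precisely. The body of `post()` continues outside the hunk.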
@@ -3763,7 +3763,7 @@ class Notifications(models.Model): sla_breach = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, verbose_name=_('SLA breach'), help_text=_('Get notified of (upcoming) SLA breaches')) - risk_acceptance_expiration = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True, + risk_acceptance_expiration = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, verbose_name=_('Risk Acceptance Expiration'), help_text=_('Get notified of (upcoming) Risk Acceptance expiries')) diff --git a/dojo/product/urls.py b/dojo/product/urls.py index cfee2111cc6..263d87b66f0 100644 --- a/dojo/product/urls.py +++ b/dojo/product/urls.py @@ -1,6 +1,7 @@ from django.urls import re_path from dojo.product import views +from dojo.engagement import views as dojo_engagement_views urlpatterns = [ # product @@ -12,7 +13,7 @@ re_path(r'^product/(?P\d+)/engagements$', views.view_engagements, name='view_engagements'), re_path(r'^product/(?P\d+)/import_scan_results$', - views.import_scan_results_prod, name='import_scan_results_prod'), + dojo_engagement_views.ImportScanResultsView.as_view(), name='import_scan_results_prod'), re_path(r'^product/(?P\d+)/metrics$', views.view_product_metrics, name='view_product_metrics'), re_path(r'^product/(?P\d+)/async_burndown_metrics$', views.async_burndown_metrics, diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 059b366085c..4f0716a5549 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1259,6 +1259,7 @@ def saml2_attrib_map_format(dict): 'Nuclei Scan': ['title', 'cwe', 'severity'], 'KubeHunter Scan': ['title', 'description'], 'kube-bench Scan': ['title', 'vuln_id_from_tool', 'description'], + 'Threagile risks report': ['title', 'cwe', "severity"], } # Override the hardcoded settings here via the env var 
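Review bot: The new `'Threagile risks report': ['title', 'cwe', "severity"]` entry mixes single and double quotes inside one list where every neighbouring entry uses single quotes only; `['title', 'cwe', 'severity']` keeps the file consistent, and the `@@ -1316` hunk's `'Threagile risks report': True` likewise lacks the trailing comma its neighbours carry. The same scanner name is spelled out three times across this file's hunks and presumably must stay byte-identical for the per-scanner lookups to find it, so a comment or shared constant would protect against a silent typo in one of the copies.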
@@ -1316,6 +1317,7 @@ def saml2_attrib_map_format(dict): 'Codechecker Report native': True, 'Wazuh': True, 'Nuclei Scan': True, + 'Threagile risks report': True } # List of fields that are known to be usable in hash_code computation) @@ -1454,6 +1456,7 @@ def saml2_attrib_map_format(dict): 'Nuclei Scan': DEDUPE_ALGO_HASH_CODE, 'KubeHunter Scan': DEDUPE_ALGO_HASH_CODE, 'kube-bench Scan': DEDUPE_ALGO_HASH_CODE, + 'Threagile risks report': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, } # Override the hardcoded settings here via the env var diff --git a/dojo/tools/awssecurityhub/parser.py b/dojo/tools/awssecurityhub/parser.py index 4d01e4c343c..2e411ce259b 100644 --- a/dojo/tools/awssecurityhub/parser.py +++ b/dojo/tools/awssecurityhub/parser.py @@ -25,12 +25,14 @@ def get_items(self, tree: dict, test): # DefectDojo/django-DefectDojo/issues/2780 findings = tree.get("Findings", tree.get("findings", None)) - if not findings: - return list() + if not isinstance(findings, list): + raise ValueError("Incorrect Security Hub report format") for node in findings: item = get_item(node, test) key = node["Id"] + if not isinstance(key, str): + raise ValueError("Incorrect Security Hub report format") items[key] = item return list(items.values()) @@ -42,6 +44,8 @@ def get_item(finding: dict, test): title = finding.get("Title", "") severity = finding.get("Severity", {}).get("Label", "INFORMATIONAL").title() mitigation = "" + impact = [] + references = [] unsaved_vulnerability_ids = [] if aws_scanner_type == "Inspector": description = f"This is an Inspector Finding\n{finding.get('Description', '')}" 
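Review bot: `key = node["Id"]` still raises a bare `KeyError` for a finding without an `Id`, while the line right after it raises `ValueError("Incorrect Security Hub report format")` for a non-string `Id`; both malformed-input cases should report the same way, e.g. `key = node.get("Id")` followed by the existing `isinstance` check. The new `isinstance(findings, list)` guard also turns a report with no `Findings` key at all (previously an empty result) into a `ValueError`; if an empty export is a legitimate input, `findings = tree.get("Findings", tree.get("findings", []))` preserves that case while still rejecting a non-list value. The enclosing `get_items` method starts outside the hunk.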
@@ -50,12 +54,18 @@ def get_item(finding: dict, test): # Save the CVE if it is present if cve := vulnerability.get("Id"): unsaved_vulnerability_ids.append(cve) + for alias in vulnerability.get("RelatedVulnerabilities", []): + if alias != cve: + unsaved_vulnerability_ids.append(alias) # Add information about the vulnerable packages to the description and mitigation vulnerable_packages = vulnerability.get("VulnerablePackages", []) for package in vulnerable_packages: mitigation += f"- Update {package.get('Name', '')}-{package.get('Version', '')}\n" if remediation := package.get("Remediation"): mitigation += f"\t- {remediation}\n" + if vendor := vulnerability.get("Vendor"): + if vendor_url := vendor.get("Url"): + references.append(vendor_url) if finding.get("ProductFields", {}).get("aws/inspector/FindingStatus", "ACTIVE") == "ACTIVE": mitigated = None 
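Review bot: The new `RelatedVulnerabilities` loop only filters out the primary `cve`, so an alias that is listed twice, or repeated across several `Vulnerabilities` entries of the same finding, lands in `unsaved_vulnerability_ids` more than once; `if alias != cve and alias not in unsaved_vulnerability_ids:` keeps the list unique. `vendor.get("Url")` assumes `Vendor` is a mapping — if the schema does not guarantee that shape, an `isinstance(vendor, dict)` guard avoids an `AttributeError` on a string value. `get_item` starts and ends outside this hunk.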
@@ -91,27 +101,44 @@ def get_item(finding: dict, test): is_Mitigated = False active = True - resources = finding.get("Resources", "") - resource_id = resources[0]["Id"].split(":")[-1] - references = finding.get("Remediation", {}).get("Recommendation", {}).get("Url") + title_suffix = "" + for resource in finding.get("Resources", []): + if resource.get("Type") == "AwsEcrContainerImage": + details = resource.get("Details", {}).get("AwsEcrContainerImage") + arn = resource.get("Id") + if details: + impact.append(f"Image ARN: {arn}") + impact.append(f"Registry: {details.get('RegistryId')}") + impact.append(f"Repository: {details.get('RepositoryName')}") + impact.append(f"Image digest: {details.get('ImageDigest')}") + title_suffix = f" - Image: {arn.split('/', 1)[1]}" # repo-name/sha256:digest + else: # generic implementation + resource_id = resource["Id"].split(":")[-1] + impact.append(f"Resource: {resource_id}") + title_suffix = f" - Resource: {resource_id}" + + if remediation_rec_url := finding.get("Remediation", {}).get("Recommendation", {}).get("Url"): + references.append(remediation_rec_url) false_p = False - finding = Finding( - title=f"{title} - Resource: {resource_id}", + result = Finding( + title=f"{title}{title_suffix}", test=test, description=description, mitigation=mitigation, - references=references, + references="\n".join(references), severity=severity, - impact=f"Resource: {resource_id}", + impact="\n".join(impact), active=active, verified=False, false_p=false_p, unique_id_from_tool=finding_id, mitigated=mitigated, is_mitigated=is_Mitigated, + static_finding=True, + dynamic_finding=False, ) # Add the unsaved vulnerability ids - finding.unsaved_vulnerability_ids = unsaved_vulnerability_ids + result.unsaved_vulnerability_ids = unsaved_vulnerability_ids - return finding + return result diff --git a/dojo/tools/hcl_appscan/__init__.py b/dojo/tools/hcl_appscan/__init__.py new file mode 100644 index 00000000000..99e8e118c6a --- /dev/null 
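Review bot: `title_suffix = f" - Image: {arn.split('/', 1)[1]}"` raises `IndexError` when the resource `Id` contains no `/` and `AttributeError` when `Id` is absent (`arn` is `None`); the generic branch likewise indexes `resource["Id"]` without a default. A guarded form such as `arn = resource.get("Id", "")` with `title_suffix = f" - Image: {arn.split('/', 1)[-1]}"` keeps the parser from failing on an unusual ARN. Since one finding can list several `Resources`, `title_suffix` is overwritten on every iteration and only the last resource reaches the title while `impact` accumulates all of them; if that asymmetry is intended, a one-line comment would stop the next reader from treating it as a bug. `get_item` starts outside this hunk.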
+++ b/dojo/tools/hcl_appscan/__init__.py @@ -0,0 +1 @@ +__author__ = "manuel_sommer" diff --git a/dojo/tools/hcl_appscan/parser.py b/dojo/tools/hcl_appscan/parser.py new file mode 100755 index 00000000000..b40817fd38b --- /dev/null +++ b/dojo/tools/hcl_appscan/parser.py 
@@ -0,0 +1,83 @@ +from xml.dom import NamespaceErr +from defusedxml import ElementTree as ET +from dojo.models import Finding, Endpoint + + +class HCLAppScanParser(object): + def get_scan_types(self): + return ["HCLAppScan XML"] + + def get_label_for_scan_types(self, scan_type): + return scan_type # no custom label for now + + def get_description_for_scan_types(self, scan_type): + return "Import XML output of HCL AppScan." + + def get_findings(self, file, test): + findings = [] + tree = ET.parse(file) + root = tree.getroot() + if "xml-report" not in root.tag: + raise NamespaceErr( + "This doesn't seem to be a valid HCLAppScan xml file." + ) + report = root.find("issue-group") + if report is not None: + for finding in report: + description = "" + for item in finding: + match item.tag: + case 'severity': + severity = item.text + case 'cwe': + cwe = item.text + case 'remediation': + remediation = item.text + case 'advisory': + advisory = item.text + case 'issue-type-name': + issuetypename = item.text + description = description + "Issue-Type-Name: " + issuetypename + "\n" + case 'location': + location = item.text + description = description + "Location: " + location + "\n" + case 'domain': + domain = item.text + description = description + "Domain: " + domain + "\n" + case 'element': + element = item.text + description = description + "Element: " + element + "\n" + case 'element-type': + elementtype = item.text + description = description + "ElementType: " + elementtype + "\n" + case 'path': + path = item.text + description = description + "Path: " + path + "\n" + case 'scheme': + scheme = item.text + description = description + "Scheme: " + scheme + "\n" + case 'host': + host = item.text + description = description + "Host: " + host + "\n" + case 'port': + port = item.text + description = description + "Port: " + port + "\n" + case 'asoc-issue-id': + asocissueid = item.text + finding = Finding( + title=str(issuetypename + "_" + domain + "_" + path), + 
description=description, + severity=severity, + cwe=cwe, + mitigation="Remediation: " + remediation + "\nAdvisory: " + advisory, + dynamic_finding=True, + static_finding=False, + unique_id_from_tool=asocissueid + ) + findings.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=host, port=port) + finding.unsaved_endpoints.append(endpoint) + return findings + else: + return findings diff --git a/dojo/tools/kiuwan/parser.py b/dojo/tools/kiuwan/parser.py index 14bbc85f530..00e06a9edb4 100644 --- a/dojo/tools/kiuwan/parser.py +++ b/dojo/tools/kiuwan/parser.py @@ -59,7 +59,7 @@ def get_findings(self, filename, test): findingdict["line_number"] = row["Line number"] findingdict["description"] = ( "**Vulnerability type** : " - + row["Vulnerability type"] + + row["Software characteristic"] + "\n\n" + "**CWE Scope** : " + row["CWE Scope"] @@ -92,7 +92,7 @@ def get_findings(self, filename, test): finding.title = findingdict["title"] finding.file_path = findingdict["file"] - finding.line = findingdict["line_number"] + finding.line = findingdict["line_number"] if findingdict["line_number"] != "" else None finding.description = findingdict["description"] finding.references = "Not provided!" finding.mitigation = "Not provided!" diff --git a/dojo/tools/mobsf/parser.py b/dojo/tools/mobsf/parser.py index fcf623cfe3a..2ad02517b51 100644 --- a/dojo/tools/mobsf/parser.py +++ b/dojo/tools/mobsf/parser.py 
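Review bot: `severity`, `cwe`, `remediation`, `advisory`, `issuetypename`, `domain`, `path`, `host`, `port` and `asocissueid` are plain locals assigned only when the matching child tag is present, so for an issue that omits one of them the `Finding(...)` call either raises `UnboundLocalError` (first issue) or silently reuses the value left over from the previous issue, cross-contaminating findings. Resetting them at the top of `for finding in report:`, e.g. `severity = cwe = remediation = advisory = issuetypename = domain = path = host = port = asocissueid = None`, makes each issue independent; the string concatenations (`issuetypename + "_" + domain + "_" + path`, `"Remediation: " + remediation + ...`) then also need `or ""` defaults or an f-string, because `item.text` is `None` for an empty element. Passing `cwe` through as raw element text presumably needs an `int(...)` conversion if `Finding.cwe` is an integer field — worth checking. The loop variable `finding` is rebound to the `Finding` object inside the body, which works but reads as a mistake; `issue` for the XML element would be clearer.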
@@ -139,6 +139,25 @@ def get_findings(self, filename, test): "file_path": details["name"] } mobsf_findings.append(mobsf_item) + elif data["binary_analysis"].get("findings"): + for binary_analysis_type, details in list(data["binary_analysis"]["findings"].items()): + # "findings":{ + # "Binary makes use of insecure API(s)":{ + # "detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + # "severity":"high", + # "cvss":6, + # "cwe":"CWE-676: Use of Potentially Dangerous Function", + # "owasp-mobile":"M7: Client Code Quality", + # "masvs":"MSTG-CODE-8" + # }, + mobsf_item = { + "category": "Binary Analysis", + "title": details["detailed_desc"], + "severity": details["severity"].replace("good", "info").title(), + "description": details["detailed_desc"], + "file_path": None + } + mobsf_findings.append(mobsf_item) else: for binary_analysis_type, details in list(data["binary_analysis"].items()): # "Binary makes use of insecure API(s)":{ diff --git a/dojo/tools/openvas_xml/__init__.py b/dojo/tools/openvas_xml/__init__.py new file mode 100644 index 00000000000..99e8e118c6a --- /dev/null +++ b/dojo/tools/openvas_xml/__init__.py @@ -0,0 +1 @@ +__author__ = "manuel_sommer" diff --git a/dojo/tools/openvas_xml/parser.py b/dojo/tools/openvas_xml/parser.py new file mode 100755 index 00000000000..65449e8c812 --- /dev/null +++ b/dojo/tools/openvas_xml/parser.py 
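Review bot: In the new `findings` branch the dictionary key `binary_analysis_type` is looped over but never used, and `details["detailed_desc"]` serves as both `title` and `description`; the comment in the hunk itself shows the key (`"Binary makes use of insecure API(s)"`) is the short name of the check, so `"title": binary_analysis_type` presumably matches what the pre-existing `else` branch does and avoids titles that are whole paragraphs. `details["severity"]` and `details["detailed_desc"]` are indexed directly, so an entry missing either raises `KeyError` rather than being skipped; `.get(...)` with a default is consistent with the defensive `.get("findings")` guard just above. The enclosing `get_findings` method starts and ends outside the hunk.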
@@ -0,0 +1,68 @@ +from xml.dom import NamespaceErr +from defusedxml import ElementTree as ET +from dojo.models import Finding + + +class OpenVASXMLParser(object): + def get_scan_types(self): + return ["OpenVAS XML"] + + def get_label_for_scan_types(self, scan_type): + return scan_type # no custom label for now + + def get_description_for_scan_types(self, scan_type): + return "Import XML output of Greenbone OpenVAS XML report." + + def convert_cvss_score(self, raw_value): + val = float(raw_value) + if val == 0.0: + return "Info" + elif val < 4.0: + return "Low" + elif val < 7.0: + return "Medium" + elif val < 9.0: + return "High" + else: + return "Critical" + + def get_findings(self, file, test): + findings = [] + tree = ET.parse(file) + root = tree.getroot() + if "report" not in root.tag: + raise NamespaceErr( + "This doesn't seem to be a valid Greenbone OpenVAS xml file." + ) + report = root.find("report") + results = report.find("results") + for result in results: + for finding in result: + if finding.tag == "name": + title = finding.text + description = [f"**Name**: {finding.text}"] + if finding.tag == "host": + title = title + "_" + finding.text + description.append(f"**Host**: {finding.text}") + if finding.tag == "port": + title = title + "_" + finding.text + description.append(f"**Port**: {finding.text}") + if finding.tag == "nvt": + description.append(f"**NVT**: {finding.text}") + if finding.tag == "severity": + severity = self.convert_cvss_score(finding.text) + description.append(f"**Severity**: {finding.text}") + if finding.tag == "qod": + description.append(f"**QOD**: {finding.text}") + if finding.tag == "description": + description.append(f"**Description**: {finding.text}") + + finding = Finding( + title=str(title), + description="\n".join(description), + severity=severity, + dynamic_finding=True, + static_finding=False + ) + findings.append(finding) + return findings 
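Review bot: `title`, `severity` and `description` are bound only inside the `name` and `severity` branches, so a `<result>` missing `<name>` or `<severity>`, or one where `<host>` precedes `<name>`, either raises `UnboundLocalError` or inherits the previous result's values, and `report.find("results")` returns `None` (then `AttributeError` on iteration) when the section is absent. Initialising `title = ""`, `severity = "Info"`, `description = []` at the top of `for result in results:` and guarding `if results is None: return findings` keeps each finding self-contained. `description.append(f"**NVT**: {finding.text}")` presumably renders `None`, since `<nvt>` in these reports is an element with children rather than text — confirm against a sample report. The XML loop variable `finding` is also rebound to the `Finding` model inside the loop; `element` would read more clearly.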
diff --git a/dojo/tools/sarif/parser.py b/dojo/tools/sarif/parser.py index d604279218c..14d81849570 100644 --- a/dojo/tools/sarif/parser.py +++ b/dojo/tools/sarif/parser.py @@ -3,6 +3,8 @@ import re import textwrap import dateutil.parser +from django.utils.translation import gettext as _ + from dojo.tools.parser_test import ParserTest from dojo.models import Finding 
@@ -214,29 +216,43 @@ def get_snippet(result): def get_codeFlowsDescription(codeFlows): description = "" for codeFlow in codeFlows: - if "threadFlows" not in codeFlow: - continue - for threadFlow in codeFlow["threadFlows"]: + for threadFlow in codeFlow.get('threadFlows', []): if "locations" not in threadFlow: continue - description = "**Code flow:**\n" - for location in threadFlow["locations"]: - physicalLocation = location["location"]["physicalLocation"] - region = physicalLocation["region"] - description += ( - "\t" + physicalLocation["artifactLocation"]["uri"] - if "byteOffset" in region - else "\t" - + physicalLocation["artifactLocation"]["uri"] - + ":" - + str(region["startLine"]) - ) + description = f"**{_('Code flow')}:**\n" + line = 1 + + for location in threadFlow.get('locations', []): + physicalLocation = location.get('location', {}).get('physicalLocation', {}) + region = physicalLocation.get("region", {}) + uri = physicalLocation.get("artifactLocation").get("uri") + + start_line = "" + start_column = "" + snippet = "" + + if "startLine" in region: + start_line = f":L{str(region.get('startLine'))}" + if "startColumn" in region: - description += ":" + str(region["startColumn"]) + start_column = f":C{str(region.get('startColumn'))}" + if "snippet" in region: - description += "\t-\t" + region["snippet"]["text"] - description += "\n" + snippet = f"\t-\t{region.get('snippet').get('text')}" + + description += f"{line}. {uri}{start_line}{start_column}{snippet}\n" + + if 'message' in location.get('location', {}): + message_field = location.get('location', {}).get('message', {}) + if 'markdown' in message_field: + message = message_field.get('markdown', '') + else: + message = message_field.get('text', '') + + description += f"\t{message}\n" + + line += 1 return description 
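Review bot: `uri = physicalLocation.get("artifactLocation").get("uri")` is the one lookup in this loop without a default, so a location whose `physicalLocation` lacks `artifactLocation` raises `AttributeError` on `None` while every neighbouring access degrades gracefully; `physicalLocation.get("artifactLocation", {}).get("uri", "")` matches the rest. `description` and `line` are reset for every `threadFlow`, so a code flow with several thread flows keeps only the last one — this mirrors the removed code, but a comment such as `# only the last threadFlow of each codeFlow is rendered` (or moving the reset above the inner loop) would make the intent explicit.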
@@ -253,16 +269,14 @@ def get_description(result, rule): description += "**Snippet:**\n```{}```\n".format(get_snippet(result)) if rule is not None: if "name" in rule: - description += "**Rule name:** {}\n".format(rule.get("name")) + description += f"**{_('Rule name')}:** {rule.get('name')}\n" shortDescription = "" if "shortDescription" in rule: shortDescription = get_message_from_multiformatMessageString( rule["shortDescription"], rule ) if shortDescription != message: - description += "**Rule short description:** {}\n".format( - shortDescription - ) + description += f"**{_('Rule short description')}:** {shortDescription}\n" if "fullDescription" in rule: fullDescription = get_message_from_multiformatMessageString( rule["fullDescription"], rule @@ -271,9 +285,7 @@ def get_description(result, rule): fullDescription != message and fullDescription != shortDescription ): - description += "**Rule full description:** {}\n".format( - fullDescription - ) + description += f"**{_('Rule full description')}:** {fullDescription}\n" if len(result.get("codeFlows", [])) > 0: description += get_codeFlowsDescription(result["codeFlows"]) @@ -420,6 +432,7 @@ def get_item(result, rules, artifacts, run_date): # manage tags provided in the report and rule and remove duplicated tags = list(set(get_properties_tags(rule) + get_properties_tags(result))) + tags = [s.removeprefix('external/cwe/') for s in tags] finding.tags = tags # manage fingerprints diff --git a/dojo/tools/ssh_audit/__init__.py b/dojo/tools/ssh_audit/__init__.py new file mode 100644 index 00000000000..99e8e118c6a --- /dev/null +++ b/dojo/tools/ssh_audit/__init__.py @@ -0,0 +1 @@ +__author__ = "manuel_sommer" diff --git a/dojo/tools/ssh_audit/parser.py b/dojo/tools/ssh_audit/parser.py new file mode 100644 index 00000000000..ec8745ea7c6 --- /dev/null +++ b/dojo/tools/ssh_audit/parser.py 
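Review bot: `tags = [s.removeprefix('external/cwe/') for s in tags]` runs after the `set(...)` de-duplication, so a report carrying both `external/cwe/cwe-79` and `cwe-79` ends up with the tag twice; stripping before de-duplicating, `tags = list({s.removeprefix('external/cwe/') for s in get_properties_tags(rule) + get_properties_tags(result)})`, keeps the list unique. `str.removeprefix` needs Python 3.9+, which is presumably already the project's floor but worth a glance at the supported interpreter versions. The enclosing `get_item` starts and ends outside the hunk.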
@@ -0,0 +1,204 @@ +import json +from dojo.models import Endpoint, Finding + + +class SSHAuditParser(object): + def get_scan_types(self): + return ["SSH Audit Importer"] + + def get_label_for_scan_types(self, scan_type): + return scan_type # no custom label for now + + def get_description_for_scan_types(self, scan_type): + return "Import result of SSH Audit JSON output." + + def convert_cvss_score(self, raw_value): + """According to CVSS official numbers https://nvd.nist.gov/vuln-metrics/cvss + None 0.0 + Low 0.0-3.9 Low 0.1-3.9 + Medium 4.0-6.9 Medium 4.0-6.9 + High 7.0-10.0 High 7.0-8.9 + Critical 9.0-10.0""" + val = float(raw_value) + if val == 0.0: + return "Info" + elif val < 4.0: + return "Low" + elif val < 7.0: + return "Medium" + elif val < 9.0: + return "High" + else: + return "Critical" + + def get_findings(self, filename, test): + items = [] + try: + data = json.load(filename) + except ValueError as err: + data = {} + if data != {}: + title = data['banner']['raw'] + for cve in data['cves']: + cvename = cve['name'] + description = [f"**CVE**: {cvename}"] + description.append(f"**Description**: {cve['description']}") + description.append(f"**Banner**: {title}") + severity = self.convert_cvss_score(raw_value=cve['cvssv2']) + finding = Finding(title=str(title) + "_" + str(cvename), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + for kex in data['kex']: + if 'fail' in kex['notes'] and 'warn' in kex['notes']: + kexname = kex['algorithm'] + description = [f"**Algorithm**: {kexname}"] + description.append(f"**Description Failure**: {kex['notes']['fail']}") + description.append(f"**Description Warning**: {kex['notes']['warn']}") + description.append(f"**Info**: {kex['notes']['info']}") + severity = "High" + finding = 
Finding(title=str(title) + "_" + str(kexname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + elif 'fail' in kex['notes']: + kexname = kex['algorithm'] + description = [f"**Algorithm**: {kexname}"] + description.append(f"**Description Failure**: {kex['notes']['fail']}") + description.append(f"**Info**: {kex['notes']['info']}") + severity = "High" + finding = Finding(title=str(title) + "_" + str(kexname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + elif 'warn' in kex['notes']: + kexname = kex['algorithm'] + description = [f"**Algorithm**: {kexname}"] + description.append(f"**Description Warning**: {kex['notes']['warn']}") + description.append(f"**Info**: {kex['notes']['info']}") + severity = "Medium" + finding = Finding(title=str(title) + "_" + str(kexname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + for key in data['key']: + if 'fail' in key['notes'] and 'warn' in key['notes']: + keyname = key['algorithm'] + description = [f"**Algorithm**: {keyname}"] + description.append(f"**Description Failure**: {key['notes']['fail']}") + description.append(f"**Description Warning**: {key['notes']['warn']}") + if 'keysize' in key: + description.append(f"**KeySize**: {key['keysize']}") + description.append(f"**Info**: 
{key['notes']['info']}") + severity = "High" + finding = Finding(title=str(title) + "_" + str(keyname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + elif 'fail' in key['notes']: + keyname = key['algorithm'] + description = [f"**Algorithm**: {keyname}"] + description.append(f"**Description Failure**: {key['notes']['fail']}") + if 'keysize' in key: + description.append(f"**KeySize**: {key['keysize']}") + description.append(f"**Info**: {key['notes']['info']}") + severity = "High" + finding = Finding(title=str(title) + "_" + str(keyname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + elif 'warn' in key['notes']: + keyname = key['algorithm'] + description = [f"**Algorithm**: {keyname}"] + description.append(f"**Description Warning**: {key['notes']['warn']}") + if 'keysize' in key: + description.append(f"**KeySize**: {key['keysize']}") + description.append(f"**Info**: {key['notes']['info']}") + severity = "Medium" + finding = Finding(title=str(title) + "_" + str(keyname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + for mac in data['mac']: + if 'fail' in mac['notes'] and 'warn' in mac['notes']: + macname = mac['algorithm'] + description = [f"**Algorithm**: {macname}"] + description.append(f"**Description Failure**: 
{mac['notes']['fail']}") + description.append(f"**Description Warning**: {mac['notes']['warn']}") + description.append(f"**Info**: {mac['notes']['info']}") + severity = "High" + finding = Finding(title=str(title) + "_" + str(macname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + elif 'fail' in mac['notes']: + macname = mac['algorithm'] + description = [f"**Algorithm**: {macname}"] + description.append(f"**Description Failure**: {mac['notes']['fail']}") + description.append(f"**Info**: {mac['notes']['info']}") + severity = "High" + finding = Finding(title=str(title) + "_" + str(macname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + elif 'warn' in mac['notes']: + macname = mac['algorithm'] + description = [f"**Algorithm**: {macname}"] + description.append(f"**Description Warning**: {mac['notes']['warn']}") + description.append(f"**Info**: {mac['notes']['info']}") + severity = "Medium" + finding = Finding(title=str(title) + "_" + str(macname), + test=test, + description="\n".join(description), + severity=severity, + static_finding=False) + items.append(finding) + finding.unsaved_endpoints = list() + endpoint = Endpoint(host=data['target'].split(':')[0], port=data['target'].split(':')[1]) + finding.unsaved_endpoints.append(endpoint) + return items diff --git a/dojo/tools/sysdig_reports/__init__.py b/dojo/tools/sysdig_reports/__init__.py new file mode 100644 index 00000000000..e69de29bb2d 
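Review bot: `except ValueError as err: data = {}` swallows a malformed JSON file and returns zero findings, so importing a corrupt report looks like a clean host; re-raising (`raise ValueError("Invalid SSH Audit JSON output") from err`) surfaces the problem, and `err` is otherwise unused. `data['target'].split(':')[1]` raises `IndexError` when the target has no port and splits wrongly for an IPv6 literal; computing `host, _, port = data['target'].rpartition(':')` once before the loops, with a guard for an empty port, also removes the nine repeated `Endpoint(...)` constructions. The `kex`, `key` and `mac` sections are three copies of the same fail/warn/both ladder, the `key` copy differing only by the optional `keysize` line, so one helper taking the section entries collapses the method to a fraction of its size, as sketched below. `data['cves']`, `data['kex']`, `data['key']` and `data['mac']` are indexed directly, so a report lacking any section raises `KeyError`; `data.get(section, [])` keeps partial reports importable.
```python
    def _make_finding(self, title, name, description, severity, test, endpoint):
        """Build one Finding for this host and attach the shared endpoint."""
        finding = Finding(title=f"{title}_{name}",
                          test=test,
                          description="\n".join(description),
                          severity=severity,
                          static_finding=False)
        finding.unsaved_endpoints = [endpoint]
        return finding

    def _algorithm_findings(self, entries, title, test, endpoint):
        """Yield a finding per algorithm entry that carries a 'fail' or 'warn' note.

        Both notes -> High with both lines; 'fail' only -> High;
        'warn' only -> Medium; neither -> nothing (same ladder as before).
        """
        for entry in entries:
            notes = entry.get('notes', {})
            if 'fail' not in notes and 'warn' not in notes:
                continue
            description = [f"**Algorithm**: {entry['algorithm']}"]
            if 'fail' in notes:
                description.append(f"**Description Failure**: {notes['fail']}")
            if 'warn' in notes:
                description.append(f"**Description Warning**: {notes['warn']}")
            if 'keysize' in entry:
                description.append(f"**KeySize**: {entry['keysize']}")
            description.append(f"**Info**: {notes.get('info', '')}")
            severity = "High" if 'fail' in notes else "Medium"
            yield self._make_finding(title, entry['algorithm'], description, severity, test, endpoint)

    def get_findings(self, filename, test):
        # … unchanged: JSON load (now re-raising on ValueError) …
        host, _, port = data['target'].rpartition(':')
        endpoint = Endpoint(host=host, port=port)
        # … unchanged: CVE loop, using self._make_finding(...) …
        for section in ('kex', 'key', 'mac'):
            items.extend(self._algorithm_findings(data.get(section, []), title, test, endpoint))
        return items
```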
diff --git a/dojo/tools/sysdig_reports/parser.py b/dojo/tools/sysdig_reports/parser.py new file mode 100644 index 00000000000..2010ffb48e0 --- /dev/null +++ b/dojo/tools/sysdig_reports/parser.py 
@@ -0,0 +1,160 @@ +from dojo.models import Finding +from dojo.tools.sysdig_reports.sysdig_csv_parser import CSVParser + +from cvss.cvss3 import CVSS3 +import cvss.parser + + +class SysdigReportsParser(object): + """ + Sysdig Report Importer - Runtime CSV + """ + + def get_scan_types(self): + return ["Sysdig Vulnerability Report - Pipeline, Registry and Runtime (CSV)"] + + def get_label_for_scan_types(self, scan_type): + return "Sysdig Vulnerability Report Scan" + + def get_description_for_scan_types(self, scan_type): + return "Import of Sysdig Pipeline, Registry and Runtime Vulnerability Report Scans in CSV format." + + def get_findings(self, filename, test): + + if filename is None: + return () + + if filename.name.lower().endswith('.csv'): + arr_data = CSVParser().parse(filename=filename) + else: + return () + + if len(arr_data) == 0: + return () + sysdig_report_findings = [] + + for row in arr_data: + finding = Finding(test=test) + + # Generate finding + if row.k8s_cluster_name != "": + finding.title = f"{row.k8s_cluster_name} - {row.k8s_namespace_name} - {row.package_name} - {row.vulnerability_id}" + else: + finding.title = f"{row.vulnerability_id} - {row.package_name}" + + finding.vuln_id_from_tool = row.vulnerability_id + finding.cve = row.vulnerability_id + finding.severity = row.severity + + # Set Component Version + finding.component_name = row.package_name + finding.component_version = row.package_version + + # Set some finding tags + tags = [] + + if row.k8s_cluster_name != "": + tags.append("Cluster: " + row.k8s_cluster_name) + if row.k8s_namespace_name != "": + tags.append("Namespace: " + row.k8s_namespace_name) + if row.k8s_workload_name != "": + tags.append("WorkloadName: " + row.k8s_workload_name) + if row.package_name != "": + tags.append("PackageName: " + row.package_name) + if row.package_version != "": + tags.append("PackageVersion: " + row.package_version) + if row.k8s_cluster_name != "": + tags.append("InUse: " + str(row.in_use)) + if 
row.vulnerability_id != "": + tags.append("VulnId: " + row.vulnerability_id) + finding.tags = tags + + if row.k8s_cluster_name != "": + finding.dynamic_finding = True + finding.static_finding = False + finding.description += f"###Runtime Context {row.k8s_cluster_name}" f"\n - **Cluster:** {row.k8s_cluster_name}" + finding.description += f"\n - **Namespace:** {row.k8s_namespace_name}" + finding.description += f"\n - **Workload Name:** {row.k8s_workload_name} " + finding.description += f"\n - **Workload Type:** {row.k8s_workload_type} " + finding.description += f"\n - **Container Name:** {row.k8s_container_name}" + else: + finding.dynamic_finding = False + finding.static_finding = True + + if row.cloud_provider_name != "" or row.cloud_provider_name != "" or row.cloud_provider_region != "": + finding.description += "\n\n###Cloud Details" + if row.cloud_provider_name != "": + finding.description += f"\n - **Cloud Provider Name:** {row.cloud_provider_name}" + if row.cloud_provider_account_id != "": + finding.description += f"\n - **Cloud Provider Account Id:** {row.cloud_provider_account_id}" + if row.cloud_provider_region != "": + finding.description += f"\n - **Cloud Provider Region:** {row.cloud_provider_region}" + + if row.registry_name != "" or row.registry_image_repository != "" or row.registry_vendor != "": + finding.description += "\n\n###Registry Details" + if row.registry_name != "": + finding.description += f"\n - **Registry Name:** {row.registry_name}" + if row.registry_image_repository != "": + finding.description += f"\n - **Registry Image Repository:** {row.registry_image_repository}" + if row.registry_vendor != "": + finding.description += f"\n - **Registry Vendor:** {row.registry_vendor}" + + finding.description += "\n\n###Vulnerability Details" + finding.description += f"\n - **Vulnerability ID:** {row.vulnerability_id}" + finding.description += f"\n - **Vulnerability Link:** {row.vuln_link}" + finding.description += f"\n - **Severity:** 
{row.severity}" + finding.description += f"\n - **Publish Date:** {row.vuln_publish_date}" + finding.description += f"\n - **CVSS Version:** {row.cvss_version}" + finding.description += f"\n - **CVSS Vector:** {row.cvss_vector}" + if row.public_exploit != '': + finding.description += f"\n - **Public Exploit:** {row.public_exploit}" + + finding.description += "\n\n###Package Details" + if row.package_type == "os": + finding.description += f"\n - **Package Type: {row.package_type} \\* Consider upgrading your Base OS \\***" + else: + finding.description += f"\n - **Package Type:** {row.package_type}" + finding.description += f"\n - **Package Name:** {row.package_name}" + finding.description += f"\n - **Package Version:** {row.package_version}" + finding.description += f"\n - **In-Use:** {row.in_use}" + + if row.package_path != '': + finding.description += f"\n - **Package Path:** {row.package_path}" + finding.file_path = row.package_path + if row.package_suggested_fix != '': + finding.mitigation = f"Package suggested fix version: {row.package_suggested_fix}" + finding.description += f"\n - **Package suggested fix version:** {row.package_suggested_fix}" + if row.package_type == "os": + finding.mitigation += "\n\\*** Consider upgrading your Base OS \\***" + + finding.description += "\n\n###Image Details" + finding.description += f"\n - **Image Name:** {row.image}" + finding.description += f"\n - **Image OS:** {row.os_name}" + finding.description += f"\n - **Image ID:** {row.image_id}" + + # If we have registry information + if row.registry_name != "": + finding.description += f"\n - **Registry Name:** {row.registry_name}" + finding.description += f"\n - **Registy Image Repository:** {row.registry_image_repository}" + + try: + if float(row.cvss_version) >= 3: + finding.cvssv3_score = row.cvss_score + vectors = cvss.parser.parse_cvss_from_text(row.cvss_vector) + if len(vectors) > 0 and isinstance(vectors[0], CVSS3): + finding.cvss = vectors[0].clean_vector() + + except 
ValueError: + continue + + finding.risk_accepted = row.risk_accepted + + # Set reference + if row.vuln_link != "": + finding.references = row.vuln_link + finding.url = row.vuln_link + + # finally, Add finding to list + sysdig_report_findings.append(finding) + + return sysdig_report_findings diff --git a/dojo/tools/sysdig_reports/sysdig_csv_parser.py b/dojo/tools/sysdig_reports/sysdig_csv_parser.py new file mode 100644 index 00000000000..84fee6daac1 --- /dev/null +++ b/dojo/tools/sysdig_reports/sysdig_csv_parser.py 
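Review bot: The `except ValueError: continue` around the CVSS block drops the whole finding whenever `row.cvss_version` is not a float (an empty CVSS Version column gives `float("")`), so vulnerabilities with a missing or malformed CVSS version silently vanish from the import, and the `continue` also skips the `risk_accepted` and `references` assignments that follow it. Narrow the try to the float conversion and treat an unparsable version as "not v3" so the finding is still recorded; if `parse_cvss_from_text` can itself raise on a bad vector, that needs its own narrow handler rather than a skip. The cloud-details condition also tests `row.cloud_provider_name` twice and never `row.cloud_provider_account_id`, so a row with only an account id loses its Cloud Details section; change it to `if row.cloud_provider_name != "" or row.cloud_provider_account_id != "" or row.cloud_provider_region != "":`. The `finding.description +=` chain presumes `Finding(test=test)` starts with a string description; if the model default is `None` the first `+=` raises, which is worth confirming against the model.
```python
            # … unchanged: description / mitigation assembly …
            try:
                is_cvss_v3 = float(row.cvss_version) >= 3
            except ValueError:
                # missing or malformed CVSS version: keep the finding, skip v3 fields
                is_cvss_v3 = False
            if is_cvss_v3:
                finding.cvssv3_score = row.cvss_score
                vectors = cvss.parser.parse_cvss_from_text(row.cvss_vector)
                if len(vectors) > 0 and isinstance(vectors[0], CVSS3):
                    finding.cvss = vectors[0].clean_vector()

            finding.risk_accepted = row.risk_accepted
            # … unchanged: references, append to list …
```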
@@ -0,0 +1,78 @@
+import csv
+import io
+from dojo.tools.sysdig_reports.sysdig_data import SysdigData
+
+
+class CSVParser:
+ """
+ Sysdig CSV Data Parser
+ """
+
+ def parse(self, filename) -> SysdigData:
+
+ if filename is None:
+ return ()
+
+ content = filename.read()
+ if type(content) is bytes:
+ content = content.decode('utf-8')
+ reader = csv.DictReader(io.StringIO(content), delimiter=',', quotechar='"')
+
+ # normalise on lower case for consistency
+ reader.fieldnames = [name.lower() for name in reader.fieldnames]
+
+ csvarray = []
+
+ for row in reader:
+ # Compare headers to values.
+ if len(row) != len(reader.fieldnames):
+ raise ValueError(f"Number of fields in row ({len(row)}) does not match number of headers ({len(reader.fieldnames)})")
+
+ # Check for a CVE value to being with
+ if not row[reader.fieldnames[0]].startswith("CVE"):
+ raise ValueError(f"Expected 'CVE' at the start but got: {row[reader.fieldnames[0]]}")
+
+ csvarray.append(row)
+
+ arr_csv_data = []
+
+ for row in csvarray:
+
+ csv_data_record = SysdigData()
+
+ csv_data_record.vulnerability_id = row.get('vulnerability id', '')
+ csv_data_record.severity = csv_data_record._map_severity(row.get('severity').upper())
+ csv_data_record.package_name = row.get('package name', '')
+ csv_data_record.package_version = row.get('package version', '')
+ csv_data_record.package_type = row.get('package type', '')
+ csv_data_record.package_path = row.get('package path', '')
+ csv_data_record.image = row.get('image', '')
+ csv_data_record.os_name = row.get('os name', '')
+ csv_data_record.cvss_version = row.get('cvss version', '')
+ csv_data_record.cvss_score = row.get('cvss score', '')
+ csv_data_record.cvss_vector = row.get('cvss vector', '')
+ csv_data_record.vuln_link = row.get('vuln link', '')
+ csv_data_record.vuln_publish_date = row.get('vuln publish date', '')
+ csv_data_record.vuln_fix_date = row.get('vuln fix date', '')
+ csv_data_record.vuln_fix_version = row.get('fix version', '')
+ csv_data_record.public_exploit = row.get('public exploit', '')
+ csv_data_record.k8s_cluster_name = row.get('k8s cluster name', '')
+ csv_data_record.k8s_namespace_name = row.get('k8s namespace name', '')
+ csv_data_record.k8s_workload_type = row.get('k8s workload type', '')
+ csv_data_record.k8s_workload_name = row.get('k8s workload name', '')
+ csv_data_record.k8s_container_name = row.get('k8s container name', '')
+ csv_data_record.image_id = row.get('image id', '')
+ csv_data_record.k8s_pod_count = row.get('k8s pod count', '')
+ csv_data_record.package_suggested_fix = row.get('package suggested fix', '')
+ csv_data_record.in_use = row.get('in use', '') == 'TRUE'
+ csv_data_record.risk_accepted = row.get('risk accepted', '') == 'TRUE'
+ csv_data_record.registry_name = row.get('registry name', '')
+ csv_data_record.registry_image_repository = row.get('registry image repository', '')
+ csv_data_record.cloud_provider_name = row.get('cloud provider name', '')
+ csv_data_record.cloud_provider_account_id = row.get('cloud provider account ID', '')
+ csv_data_record.cloud_provider_region = row.get('cloud provider region', '')
+ csv_data_record.registry_vendor = row.get('registry vendor', '')
+
+ arr_csv_data.append(csv_data_record)
+
+ return arr_csv_data
diff --git a/dojo/tools/sysdig_reports/sysdig_data.py b/dojo/tools/sysdig_reports/sysdig_data.py
new file mode 100644
index 00000000000..24f3019fbf9
--- /dev/null
+++ b/dojo/tools/sysdig_reports/sysdig_data.py
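Review bot: `row.get('cloud provider account ID', '')` can never match because `reader.fieldnames` was lowercased a few lines earlier, so `cloud_provider_account_id` is always empty; the key must be `'cloud provider account id'`. In the same block `row.get('severity').upper()` is the only lookup without a default, so a report lacking a Severity column raises `AttributeError` instead of the `ValueError` the parser uses for its other format checks; `row.get('severity', '').upper()` keeps the existing "Informational" fallback in `_map_severity`. `reader.fieldnames` is `None` for an empty upload, so the lowercasing comprehension raises `TypeError`; a guard such as `if not reader.fieldnames: return []` lets the caller's empty-list check handle it. The `startswith("CVE")` check also fails the whole import for any report whose first column holds non-CVE identifiers, which looks intentional as a sanity check but is worth confirming against real Sysdig exports.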
@@ -0,0 +1,56 @@
+import datetime
+
+
+class SysdigData:
+
+ def _map_severity(self, severity):
+ severity_mapping = {
+ "CRITICAL": "Critical",
+ "HIGH": "High",
+ "MEDIUM": "Medium",
+ "LOW": "Low",
+ "NEGLIGIBLE": "Informational"
+ }
+
+ return severity_mapping.get(severity, "Informational")
+
+ """
+ Data class to represent the Sysdig data extracted from sources like CSV or JSON.
+ """
+ def __init__(self):
+ self.vulnerability_id: str = ""
+ self.url: str = ""
+ self.severity: str = ""
+ self.package_name: str = ""
+ self.package_version: str = ""
+ self.package_type: str = ""
+ self.package_path: str = ""
+ self.image: str = ""
+ self.os_name: str = ""
+ self.cvss_version: float = 0
+ self.cvss_score: float = 0
+ self.cvss_vector: str = ""
+ self.vuln_link: str = ""
+ self.vuln_publish_date: str = ""
+ self.vuln_fix_date: datetime.date = None
+ self.vuln_fix_version: str = ""
+ self.public_exploit: str = ""
+ self.k8s_cluster_name: str = ""
+ self.k8s_namespace_name: str = ""
+ self.k8s_workload_type: str = ""
+ self.k8s_workload_name: str = ""
+ self.k8s_container_name: str = ""
+ self.image_id: str = ""
+ self.k8s_pod_count: str = 0
+ self.in_use: bool = False
+ self.risk_accepted: bool = False
+ self.publish_date: datetime.date = None
+ self.component_version: str = ""
+ self.package_suggested_fix: str = ""
+ self.image_type: str = ""
+ self.registry_name: str = ""
+ self.registry_image_repository: str = ""
+ self.registry_vendor: str = ""
+ self.cloud_provider_name: str = ""
+ self.cloud_provider_account_id: str = ""
+ self.cloud_provider_region: str = ""
diff --git a/dojo/tools/threagile/__init__.py b/dojo/tools/threagile/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/dojo/tools/threagile/parser.py b/dojo/tools/threagile/parser.py
new file mode 100644
index 00000000000..88e8f838c2c
--- /dev/null
+++ b/dojo/tools/threagile/parser.py
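Review bot: The triple-quoted "Data class to represent the Sysdig data…" string sits between `_map_severity` and `__init__`, where it is an ordinary expression statement rather than the class docstring; move it directly under `class SysdigData:` so `help()` and doc tooling pick it up. Several annotations disagree with what the CSV parser in this commit assigns: `cvss_version: float = 0`, `cvss_score: float = 0` and `vuln_fix_date: datetime.date = None` all receive raw CSV strings, and `k8s_pod_count: str = 0` declares `str` with an int default, so either annotate them as `str` or convert in the parser. `_map_severity` maps any unrecognised label to "Informational", which silently downgrades e.g. a misspelled "CRITICAL" coming from the scanner; a comment such as `# unknown labels fall back to Informational; consider logging them` would make that choice visible to the next reader.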
@@ -0,0 +1,145 @@ +import json + +from dojo.models import Finding + +RISK_TO_CWE_MAP = { + "accidental-secret-leak": 200, + "code-backdooring": 912, + "container-baseimage-backdooring": 912, + "container-platform-escape": 1008, + "cross-site-request-forgery": 352, + "cross-site-scripting": 79, + "dos-risky-access-across-trust-boundary": 400, + "incomplete-model": 1008, + "ldap-injection": 90, + "missing-authentication-second-factor": 308, + "missing-authentication": 306, + "missing-build-infrastructure": 1127, + "missing-cloud-hardening": 1008, + "missing-file-validation": 434, + "missing-hardening": 16, + "missing-identity-propagation": 204, + "missing-identity-provider-isolation": 1008, + "missing-identity-store": 287, + "missing-network-segmentation": 1008, + "missing-vault-isolation": 1008, + "missing-vault": 522, + "missing-waf": 1008, + "mixed-target-on-shared-runtime": 1008, + "path-traversal": 22, + "push-instead-of-pull-deployment": 1127, + "search-query-injection": 74, + "server-side-request-forgery": 918, + "service-registry-poisoning": 693, + "sql-injection-rule": 89, + "unchecked-deployment": 1127, + "unencrypted-asset": 311, + "unencrypted-communication": 319, + "unguarded-access-from-internet": 501, + "unguarded-direct-datastore-access": 501, + "unnecessary-communication-link": 1008, + "unnecessary-data-asset": 1008, + "unnecessary-data-transfer": 1008, + "unnecessary-technical-asset": 1008, + "untrusted-deserialization": 502, + "wrong-communication-link": 1008, + "wrong-trust-boudnary-content": 1008, + "xml-external-entity": 611 +} + + +class ThreagileParser(object): + """ + Import ThreaAgile threatmodel risk finding in JSON format + """ + + REQUIRED_FIELDS = ["category", "title", "severity", "synthetic_id", + "exploitation_impact"] + + def get_scan_types(self): + return ["Threagile risks report"] + + def get_label_for_scan_types(self, scan_type): + return "Threagile risks report" + + def get_description_for_scan_types(self, scan_type): + return 
"Threagile Risks Report in JSON format (risks.json)." + + def get_findings(self, file, test): + if file is None: + return None + + return self.get_items(json.load(file), test) + + def get_items(self, tree, test): + if not isinstance(tree, list): + raise ValueError("Invalid ThreAgile risks file") + if not tree: + return list() + findings = [] + for item in tree: + for field in self.REQUIRED_FIELDS: + if field not in item.keys(): + raise ValueError( + f"Invalid ThreAgile risks file, missing field {field}") + severity = item.get("severity", "info").capitalize() + severity = severity if severity != "Elevated" else "High" + finding = Finding( + title=item.get("category"), + cwe=RISK_TO_CWE_MAP.get(item.get("category"), None), + description=item.get("title"), + impact=item.get("exploitation_impact"), + severity=severity, + test=test, + unique_id_from_tool=item.get("synthetic_id") + ) + self.determine_mitigated(finding, item) + self.determine_accepted(finding, item) + self.determine_under_review(finding, item) + self.determine_false_positive(finding, item) + self.determine_verified(finding, item) + self.determine_component(finding, item) + findings.append(finding) + return findings + + def determine_mitigated(self, finding, item): + risk_status = item.get("risk_status", "unchecked") + if risk_status == "mitigated": + finding.is_mitigated = True + + def determine_accepted(self, finding, item): + risk_status = item.get("risk_status", "unchecked") + if risk_status == "accepted": + finding.risk_accepted = True + + def determine_under_review(self, finding, item): + risk_status = item.get("risk_status", "unchecked") + if risk_status == "in-discussion": + finding.under_review = True + + def determine_false_positive(self, finding, item): + risk_status = item.get("risk_status", "unchecked") + if risk_status == "false-positive": + finding.false_p = True + + def determine_verified(self, finding, item): + risk_status = item.get("risk_status", "unchecked") + if risk_status == 
"in-progress": + finding.verified = True + + def determine_component(self, finding, item): + if item.get("most_relevant_technical_asset"): + finding.component_name = item.get("most_relevant_technical_asset") + return + if item.get("most_relevant_trust_boundary"): + finding.component_name = item.get("most_relevant_trust_boundary") + return + if item.get("most_relevant_data_asset"): + finding.component_name = item.get("most_relevant_data_asset") + return + if item.get("most_relevant_shared_runtime"): + finding.component_name = item.get("most_relevant_shared_runtime") + return + if item.get("most_relevant_communication_link"): + finding.component_name = item.get("most_relevant_communication_link") + return diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 9abe3401d79..be90cf8c2c9 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.27.4" +appVersion: "2.28.0" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.93 +version: 1.6.94 icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 91a8da28006..c3fa1797dd7 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -456,7 +456,7 @@ cloudsql: image: # set repo and image tag of gce-proxy repository: gcr.io/cloudsql-docker/gce-proxy - tag: 1.33.11 + tag: 1.33.13 pullPolicy: IfNotPresent # set CloudSQL instance: 'project:zone:instancename' instance: "" diff --git a/readme-docs/CONTRIBUTING.md b/readme-docs/CONTRIBUTING.md index 44b9b2d5253..dd4eb25dbd2 100644 --- a/readme-docs/CONTRIBUTING.md +++ b/readme-docs/CONTRIBUTING.md 
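Review bot: `"wrong-trust-boudnary-content"` in `RISK_TO_CWE_MAP` looks like a typo of "boundary"; if Threagile emits `wrong-trust-boundary-content`, that category never receives a CWE, so it is worth checking against Threagile's rule ids. In `get_items`, `if field not in item.keys()` is simply `if field not in item`, and a non-dict element raises `AttributeError` rather than the `ValueError` the surrounding checks use; an `isinstance(item, dict)` test before the field loop keeps the error consistent. `get_findings` returns `None` for a missing file while the sibling Sysdig parser in this commit returns `()`; returning an empty list keeps callers iterating uniformly. The five `determine_*` helpers each re-read `risk_status` and silently ignore any other value, so a short comment naming the statuses that are intentionally left unmapped (e.g. `unchecked`) would help the next reader.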
@@ -88,3 +88,12 @@ DefectDojo. [dojo_settings]: /dojo/settings/settings.dist.py "DefectDojo settings file" [pep8]: https://www.python.org/dev/peps/pep-0008/ "PEP8" [flake8 built-in commit hooks]: https://flake8.pycqa.org/en/latest/user/using-hooks.html#built-in-hook-integration + + +## Code Review Process + +During the review process, one or more reviewers may provide feedback on your changes. +Requested changes from reviewers should stay within the scope of the PR. +Please do not resolve comments without any discussion. If you decide not to make a suggested change, +make sure to leave a brief reply as a response so that everyone +is on the same page. The reviewer can then resolve the comment if the reasoning is acceptable. \ No newline at end of file diff --git a/readme-docs/KUBERNETES.md b/readme-docs/KUBERNETES.md index 40ce6c979b3..1f98d388a89 100644 --- a/readme-docs/KUBERNETES.md +++ b/readme-docs/KUBERNETES.md 
@@ -10,7 +10,7 @@ and [Helm](https://helm.sh/) can be installed locally by following this [guide](https://helm.sh/docs/using_helm/#installing-helm). ## Supported Kubernetes Versions -The tests cover the deployment on the lastest [kubernetes version](https://kubernetes.io/releases/) and the oldest supported [version from AWS](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions). The assumption is that version in between do not have significant differences. Current tested versions can looks up in the [github k8s workflow](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/k8s-testing.yml). +The tests cover the deployment on the lastest [kubernetes version](https://kubernetes.io/releases/) and the oldest supported [version from AWS](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions). The assumption is that version in between do not have significant differences. Current tested versions can looks up in the [github k8s workflow](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/k8s-tests.yml). ## Helm chart Starting with version 1.14.0, a helm chart will be pushed onto the `helm-charts` branch during the release process. Don't look for a chart museum, we're leveraging the "raw" capabilities of GitHub at this time. diff --git a/requirements.txt b/requirements.txt index 70045e1b798..b1d12a33585 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,9 +1,9 @@ # requirements.txt for DefectDojo using Python 3.x asteval==0.9.31 -bleach==6.0.0 +bleach==6.1.0 bleach[css] celery==5.3.4 -coverage==7.3.1 +coverage==7.3.2 defusedxml==0.7.1 django_celery_results==2.5.1 django-auditlog==2.3.0 
@@ -24,7 +24,7 @@ django-slack==5.19.0 git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging django-watson==1.6.3 django-prometheus==2.3.1 -Django==4.1.11 +Django==4.1.13 djangorestframework==3.14.0 gunicorn==21.2.0 html2text==2020.1.16 @@ -32,28 +32,28 @@ humanize==4.8.0 jira==3.5.2 PyGithub==1.58.2 lxml==4.9.3 -Markdown==3.4.4 +Markdown==3.5.1 mysqlclient==2.1.1 openpyxl==3.1.2 xlrd==1.2.0 -Pillow==10.0.1 # required by django-imagekit -psycopg2-binary==2.9.8 -cryptography==41.0.4 +Pillow==10.1.0 # required by django-imagekit +psycopg2-binary==2.9.9 +cryptography==41.0.5 python-dateutil==2.8.2 pytz==2023.3.post1 redis==5.0.1 requests==2.31.0 -sqlalchemy==2.0.21 # Required by Celery broker transport +sqlalchemy==2.0.22 # Required by Celery broker transport supervisor==4.2.5 urllib3==1.26.18 -uWSGI==2.0.22 +uWSGI==2.0.23 vobject==0.9.6.1 whitenoise==5.2.0 titlecase==2.4.1 -social-auth-app-django==5.3.0 -social-auth-core==4.4.2 +social-auth-app-django==5.4.0 +social-auth-core==4.5.0 Python-jose==3.3.0 -gitpython==3.1.37 +gitpython==3.1.40 debugpy==1.8.0 python-gitlab==3.15.0 drf_yasg==1.21.5 @@ -72,13 +72,13 @@ cvss==2.6 django-fieldsignals==0.7.0 hyperlink==21.0.0 django-test-migrations==1.3.0 -djangosaml2==1.7.0 +djangosaml2==1.8.0 drf-spectacular==0.26.5 django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.0 pycurl==7.45.2 # Required for Celery Broker AWS (SQS) support -boto3==1.28.57 # Required for Celery Broker AWS (SQS) support +boto3==1.28.77 # Required for Celery Broker AWS (SQS) support netaddr==0.8.0 -vulners==2.1.0 +vulners==2.1.1 fontawesomefree==6.4.2 diff --git a/unittests/scans/awssecurityhub/README.md b/unittests/scans/awssecurityhub/README.md index cc00b1b3972..dd08fde5e85 100644 --- a/unittests/scans/awssecurityhub/README.md +++ b/unittests/scans/awssecurityhub/README.md 
@@ -10,7 +10,7 @@ To keep some order, let's keep them prefixed with the names of the services that * `inspector_ec2_`: findings from AWS Inspector with results of scanning EC2 instances -* `inspector_ecr_`: findings from AWS Inspector with results of Enhanced ECR Scanning +* `inspector_ecr_`: findings from AWS Inspector with results of Enhanced ECR Scanning, currently contains 7 findings with vulnerabilities associated with 8 different values of `PackageManager` * `inspector_lambda_`: findings from AWS Inspector with results of scanning Lambdas diff --git a/unittests/scans/awssecurityhub/inspector_ecr.json b/unittests/scans/awssecurityhub/inspector_ecr.json new file mode 100644 index 00000000000..daa4225e61a --- /dev/null +++ b/unittests/scans/awssecurityhub/inspector_ecr.json 
@@ -0,0 +1,805 @@ +{ + "Findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/fbd353dda17ad52c47774ad7d62360b2", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-23T14:00:39Z", + "LastObservedAt": "2023-08-30T21:11:07Z", + "CreatedAt": "2023-08-23T14:00:39Z", + "UpdatedAt": "2023-08-30T21:11:07Z", + "Severity": { + "Label": "MEDIUM", + "Normalized": 40 + }, + "Title": "CVE-2023-2650 - openssl", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time comp...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. 
Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "6.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "DEBIAN_11", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:d5fad00d4eb04c332a8728ee7642bff8fb9cd3cec653ca301ab69a4ca075a757", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/fbd353dda17ad52c47774ad7d62360b2", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-os", + "Architecture": "amd64", + "ImageDigest": "sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", + "ImageTags": ["2023-08-23"], + "ImagePublishedAt": "2023-08-23T14:00:14Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-2650", + "VulnerablePackages": [ + { + "Name": "openssl", + "Version": "1.1.1n", + "Epoch": "0", + "Release": "0+deb11u4", + "Architecture": "AMD64", + "PackageManager": "OS", + "FixedInVersion": "0:1.1.1n-0+deb11u5", + "Remediation": "apt-get update && apt-get upgrade", + "SourceLayerHash": "sha256:d5fad00d4eb04c332a8728ee7642bff8fb9cd3cec653ca301ab69a4ca075a757" + } + ], + "Cvss": [ + { + "Version": 
"3.1", + "BaseScore": 6.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 6.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "DEBIAN_CVE", + "Url": "https://security-tracker.debian.org/tracker/CVE-2023-2650", + "VendorSeverity": "not yet assigned" + }, + "ReferenceUrls": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=null" + ], + "FixAvailable": "YES", + "EpssScore": 0.0014, + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "MEDIUM" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/fabd67b4e814d66ce64fb34f2f20b559", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-09T06:27:25Z", + "LastObservedAt": "2023-08-30T21:11:47Z", + "CreatedAt": "2023-08-09T06:27:25Z", + "UpdatedAt": "2023-08-30T21:11:47Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2022-32149 - golang.org/x/text, golang.org/x/text and 1 more", + "Description": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." 
+ } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "DEBIAN_12", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf,sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf,sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/fabd67b4e814d66ce64fb34f2f20b559", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-gomod/sha256:a94c3dfd6c8ecb573a30fae7c18cf682de4b6c16f3c7250c107de1770db41220", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-gomod", + "Architecture": "amd64", + "ImageDigest": "sha256:a94c3dfd6c8ecb573a30fae7c18cf682de4b6c16f3c7250c107de1770db41220", + "ImageTags": ["c-c4036e958892d4e087301fa446c19ff5b7b80ecd"], + "ImagePublishedAt": "2023-08-01T13:13:45Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-32149", + "VulnerablePackages": [ + { + "Name": "golang.org/x/text", + "Version": "0.3.8-0.20220509174342-b4bca84b0361", + "Epoch": "0", + "PackageManager": "GOMOD", + "FilePath": "usr/local/go/src/go.mod", + "FixedInVersion": "0.3.8", + "Remediation": "Update text to 0.3.8", + "SourceLayerHash": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf" + }, + { + "Name": "golang.org/x/text", + "Version": "0.3.3", + 
"Epoch": "0", + "PackageManager": "GOMOD", + "FilePath": "usr/local/go/src/something/go.sum", + "FixedInVersion": "0.3.8", + "Remediation": "Update text to 0.3.8", + "SourceLayerHash": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf" + }, + { + "Name": "golang.org/x/text", + "Version": "0.3.8-0.20220509174342-b4bca84b0361", + "Epoch": "0", + "PackageManager": "GOMOD", + "FilePath": "usr/local/go/src/go.sum", + "FixedInVersion": "0.3.8", + "Remediation": "Update text to 0.3.8", + "SourceLayerHash": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2022-10-14T15:15:00Z", + "VendorUpdatedAt": "2022-10-18T17:41:00Z" + }, + "ReferenceUrls": [ + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/ed174f9755171e51f5f45e2bfc0bb685", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-30T14:28:53Z", + "LastObservedAt": "2023-08-30T14:28:53Z", + "CreatedAt": "2023-08-30T14:28:53Z", + "UpdatedAt": 
"2023-08-30T14:28:53Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2022-25883 - semver", + "Description": "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_18", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:751194035c3611aead30c71ecc70008764778b49867f805c9a12b0c42a5e07bf", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/ed174f9755171e51f5f45e2bfc0bb685", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-nodepkg/sha256:1e9cf640d33e8a4fca7cb8d7ddf952ef0a3cd54b9446567d44e638a6571385bd", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-nodepkg", + "Architecture": "amd64", + "ImageDigest": "sha256:1e9cf640d33e8a4fca7cb8d7ddf952ef0a3cd54b9446567d44e638a6571385bd", + "ImageTags": ["c-5081c9b0cf8160ea0c46bd49a1362f92f3aa4e73"], + "ImagePublishedAt": "2023-08-30T14:28:45Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": 
"ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-25883", + "VulnerablePackages": [ + { + "Name": "semver", + "Version": "7.5.1", + "Epoch": "0", + "PackageManager": "NODEPKG", + "FilePath": "usr/local/lib/node_modules/npm/node_modules/semver/package.json", + "FixedInVersion": "7.5.2", + "Remediation": "Update semver to 7.5.2", + "SourceLayerHash": "sha256:751194035c3611aead30c71ecc70008764778b49867f805c9a12b0c42a5e07bf" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2023-06-21T05:15:00Z", + "VendorUpdatedAt": "2023-07-12T00:53:00Z" + }, + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/fb283a3490f48eec11b6500faab7470c", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-10T07:36:46Z", + "LastObservedAt": "2023-08-21T17:01:53Z", + "CreatedAt": "2023-08-10T07:36:46Z", + "UpdatedAt": "2023-08-21T17:01:53Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2023-37920 - certifi, certifi and 2 more", + "Description": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying 
the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "9.8", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "DEBIAN_11", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e,sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e,sha256:3d418b079937b4bec95f67f57b775741b05df804006733b418dd0633d553c751,sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/fb283a3490f48eec11b6500faab7470c", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-poetry/sha256:d0406162a81777e5fe3eb5835fec5d4436ca750a1e12e367474efc39cc62cfbf", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-poetry", + "Architecture": "amd64", + "ImageDigest": "sha256:d0406162a81777e5fe3eb5835fec5d4436ca750a1e12e367474efc39cc62cfbf", + "ImageTags": ["tag1", 
"tag2", "tag-last"], + "ImagePublishedAt": "2023-08-10T07:36:02Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-37920", + "VulnerablePackages": [ + { + "Name": "certifi", + "Version": "2022.12.7", + "Epoch": "0", + "PackageManager": "POETRY", + "FilePath": "app/poetry.lock", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e" + }, + { + "Name": "certifi", + "Version": "2023.5.7", + "Epoch": "0", + "PackageManager": "POETRY", + "FilePath": "app/poetry.lock", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e" + }, + { + "Name": "certifi", + "Version": "2023.5.7", + "Epoch": "0", + "PackageManager": "PYTHONPKG", + "FilePath": "app/.cache/pypoetry/virtualenvs/something-ANnMAkq9-py3.9/lib/python3.9/site-packages/certifi-2023.5.7.dist-info/METADATA", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:3d418b079937b4bec95f67f57b775741b05df804006733b418dd0633d553c751" + }, + { + "Name": "certifi", + "Version": "2022.12.7", + "Epoch": "0", + "PackageManager": "POETRY", + "FilePath": "app/poetry.lock", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 9.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 9.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", + "VendorSeverity": 
"CRITICAL", + "VendorCreatedAt": "2023-07-25T21:15:00Z", + "VendorUpdatedAt": "2023-08-12T06:16:00Z" + }, + "ReferenceUrls": [ + "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/" + ], + "FixAvailable": "YES", + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/b05900ac9880dc902ef729b72a91a21a", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-21T13:40:40Z", + "LastObservedAt": "2023-08-21T13:41:59Z", + "CreatedAt": "2023-08-21T13:40:40Z", + "UpdatedAt": "2023-08-21T13:41:59Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2022-31163 - tzinfo", + "Description": "TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. 
Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a p...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "8.1", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_17", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:6ce38273df14da22f8dbb8d224d0f7ed007da6daa6fde797eb3e505e8932eb20", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/b05900ac9880dc902ef729b72a91a21a", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-bundler/sha256:f15d536b44e9700b6d687947139cec8f7741ea4f796f807d4d909b68fb34c418", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-bundler", + "Architecture": "amd64", + "ImageDigest": "sha256:f15d536b44e9700b6d687947139cec8f7741ea4f796f807d4d909b68fb34c418", + "ImagePublishedAt": "2023-08-21T13:40:31Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-31163", + "VulnerablePackages": [ + { + 
"Name": "tzinfo", + "Version": "1.2.9", + "Epoch": "0", + "PackageManager": "BUNDLER", + "FilePath": "app/node_modules/@something/Gemfile.lock", + "FixedInVersion": "1.2.10", + "Remediation": "Update tzinfo to 1.2.10", + "SourceLayerHash": "sha256:6ce38273df14da22f8dbb8d224d0f7ed007da6daa6fde797eb3e505e8932eb20" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 8.1, + "BaseVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 8.1, + "BaseVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2022-07-22T04:15:00Z", + "VendorUpdatedAt": "2022-10-26T19:00:00Z" + }, + "ReferenceUrls": [ + "https://lists.debian.org/debian-lts-announce/2022/08/msg00009.html" + ], + "FixAvailable": "YES", + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/1f46c626e66f19961cb634e30463b913", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-21T13:39:12Z", + "LastObservedAt": "2023-08-21T13:41:58Z", + "CreatedAt": "2023-08-21T13:39:12Z", + "UpdatedAt": "2023-08-21T13:41:58Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2023-37788 - github.com/elazarl/goproxy", + "Description": "goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.", + "Remediation": { + 
"Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_17", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:ead62b4140ce38991b50e86efa65ebae81a6384f2024e8147b4b85d05f2bb5fa", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/1f46c626e66f19961cb634e30463b913", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-gobinary/sha256:6b48d92046b51a4761462e432d99724343006425dca0694b41634fd0b6ecce7c", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-gobinary", + "Architecture": "amd64", + "ImageDigest": "sha256:6b48d92046b51a4761462e432d99724343006425dca0694b41634fd0b6ecce7c", + "ImageTags": ["tag-2023.123", "c-12345"], + "ImagePublishedAt": "2023-08-21T13:39:01Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-37788", + "VulnerablePackages": [ + { + "Name": "github.com/elazarl/goproxy", + "Version": "v0.0.0-20220901064549-fbd10ff4f5a1", + "Epoch": "0", + "PackageManager": "GOBINARY", + "FilePath": "app/snyk-alpine", + "FixedInVersion": "0.0.0-20230731152917-f99041a5c027", + "Remediation": "Update goproxy to 
0.0.0-20230731152917-f99041a5c027", + "SourceLayerHash": "sha256:ead62b4140ce38991b50e86efa65ebae81a6384f2024e8147b4b85d05f2bb5fa" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37788", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2023-07-18T19:15:00Z", + "VendorUpdatedAt": "2023-07-27T04:05:00Z" + }, + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/8ba5034cf5b39282316fb9a919a2c556", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-21T07:01:06Z", + "LastObservedAt": "2023-08-21T13:06:22Z", + "CreatedAt": "2023-08-21T07:01:06Z", + "UpdatedAt": "2023-08-21T13:06:22Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2023-25194 - org.apache.kafka:kafka-clients", + "Description": "A possible security vulnerability has been identified in Apache Kafka Connect API.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an 
authenticated operator can set the `sasl.jaas.config`\nproperty for any of the connector's Kafka clients to \"com.sun.security.auth.module.JndiLoginModule\", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerabili...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "8.8", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_15", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:66023291c834d436a456d628643f8ae182ab688f2ea3d9f7741652027dec1efb", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/8ba5034cf5b39282316fb9a919a2c556", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-jar/sha256:856d54232d3e463b6aa99d3f951cac8bacb6deb95e5795c1440f4be4ad60cf63", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-jar", + "Architecture": "amd64", + "ImageDigest": 
"sha256:856d54232d3e463b6aa99d3f951cac8bacb6deb95e5795c1440f4be4ad60cf63", + "ImageTags": ["tag123"], + "ImagePublishedAt": "2023-08-21T07:00:59Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-25194", + "VulnerablePackages": [ + { + "Name": "org.apache.kafka:kafka-clients", + "Version": "3.1.2", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "app/app.jar", + "FixedInVersion": "3.4.0", + "Remediation": "Update kafka-clients to 3.4.0", + "SourceLayerHash": "sha256:66023291c834d436a456d628643f8ae182ab688f2ea3d9f7741652027dec1efb" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 8.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 8.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25194", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2023-02-07T20:15:00Z", + "VendorUpdatedAt": "2023-07-21T12:15:00Z" + }, + "ReferenceUrls": [ + "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz", + "https://kafka.apache.org/cve-list" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + } + ] +} diff --git a/unittests/scans/hcl_appscan/many_findings.xml b/unittests/scans/hcl_appscan/many_findings.xml new file mode 100644 index 00000000000..af823e290d1 --- /dev/null +++ b/unittests/scans/hcl_appscan/many_findings.xml 
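Review bot: The fixture carries exact duplicate entries that the README line describing it does not mention: under CVE-2023-37920 the certifi 2022.12.7 POETRY entry for `app/poetry.lock` appears twice with the same SourceLayerHash, and every finding's `Cvss` array holds two identical NVD entries. If these duplicates are deliberate (they appear to reproduce what the Inspector-to-Security-Hub export looks like), a README sentence saying so would make any finding-count assertion in the unit test traceable to the data; if not, trimming them keeps the expected counts unambiguous. The first finding's `ReferenceUrls` value `https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=null` is a useful malformed-reference case and is likewise worth a mention so it is not "cleaned up" later.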
@@ -0,0 +1,13153 @@ + + + + added + added to request: + Additional Data: + Advisories + Affected Products: + Vulnerable URLs + Concurrent Logins: + Application Data + Application Server: + AppScan Severity + Harmless + This request/response contains binary content, which is not included in generated reports. + Body + Failed Requests + Cause + Causes + Causes: + Id + Name + The following weak cipher suites are supported by the server: + Code + Comment + Comments + Cookie + Cookies + CVE: + CWE: + Detailed Summary + A detailed listing of the scan results, including all issue types found, all recommended remediation tasks, all vulnerable URLs, etc. This section is intended to provide a more detailed understanding of the security status of the application, as well as assist in scoping and prioritizing the work required to remedy issues found. + Tracked or session ID cookies: + Tracked or session ID parameters: + Difference: + Document Map + This report consists of the following sections: + Domain + .Net + JavaScript execution: + Entity + Entity: + Example + Summary + This section provides a high level view of the information gathered during the scan, using graphs or comparative numbers. It is intended to provide a general understanding of the security status of the application. + Expires + Filtered URLs + First Set + Fix + Fix: + Fix Recommendations + General + General Information + Header + High + High severity issues: + Host: + Index + Informational + Informational severity issues: + Introduction + Introduction and Objectives + General information about the scan, including the project name, purpose of the scan, etc. 
+ Issue + Issues Sorted by Issue Type + Issues Sorted by URL + Issues detected across + Issue Type + Issue Types + Issue Types + J2EE + JavaScripts + Login Settings + Low + Low severity issues: + Malicious + manipulated from: + Medium + Medium severity issues: + Method + Name + New URLs + Report Produced on Tree node: + this is now the same as the one below - should be removed + Number of Issues + Objectives + AppScan performs real-time security assessments on web applications. These assessments aim to uncover any security issues in the application, explain the impact and risks associated with these issues, and provide guidance in planning and prioritizing remediation. The objective of this assignment was to perform controlled attack and penetration activities to assess the overall level of security of the application. + of + Operating system: + Original Request + Original Requests and Responses: + Original Response + Parameter + Parameters + Path + PHP + Query + Raw Test Response: + Reason + Reasoning: + Login sequence: + References: + Regulations + Remaining URLs + Remediation Task + removed + removed from request: + Removed URLs + Comprehensive Security Report + AppScan Web Application Security Report + Requested URL + Request + Response + Risk + Risk: + Rules: + Scan started: + Scan file name: + Sections + sections of the regulation: + Violated Section + GDPR Articles + Section Violation by Issue + Secure + Detailed Security Issues by Sections + Security Risks + Security Risks: + Login method: + In-session detection: + In-session pattern: + Severity + Severity: + Unique issues detected across + SSL Version + Table of Contents + Test Description: + Test Login + Test policy: + Test Request: + Test Requests and Responses: + Test Response (first) + Test Response + Test Response (last) + Test Response (next-to-last) + Technical Description: + Test Type: + Threat + WASC Threat Classification + Threat Classification: + TOC + to: + Total security issues included in the 
report: + Total security issues: + total security issues + Type + Unwanted + URL + URL: + Valid Login + Value + Variant + Visited URLs + Vulnerable URLs + Web server: + Issue Types that this task fixes + Simulation of the pop-up that appears when this page is opened in a browser + Location + Intent Action: + Intent Class: + Intent Data: + Intent Extra: + Intent Package: + Payload + Issues: + Method Signature: + Issue Validation Parameters: + Thread: + Timestamp: + Trace: + Issue Information + This issue was detected by AppScan's Mobile Analyzer. + Call Stack: + Header: + XML: + File Name: + File Permission: + Synopsis: + Dump: + Manifest: + Request: + Method Information + Signature: + File: + Name: + Permissions: + Class + Function + Line + Created by: + Summary of security issues + Issues + Go to Table of Contents + Issue Types: + Application Version: + Scan Name: + First Variant: + Variants Found: + OWASP: + X-Force: + (Only the first one is displayed) + No security issues discovered in the scan + Scan status: + Note that the scan on which this report is based was not completed. + Success + Refer to the site for more details. + Sink + Source + OWASP Top 10 + File Path: + Reference: + Free Plan + Please Note: + This summary report was created with the Application Security Analyzer Free Plan. Once you purchase the full service you will have access to a complete report with detailed descriptions of the issues found and how to remediate them. + Activities: + Coverage + Activities + This report includes important security information about your mobile application. 
+ Fix Recommendations: + Component + Glossary + Privacy: + Symbols Found: + Mobile Application Report + Class Signature: + Defining Class + Controllable Object Fields: + Receivers: + Services: + Receivers + Services + Method Signature: + Issue Information: + Settings For Target: + Provider: + Sample Report + Login Mode: + Views: + Views + None + Automatic + Manual + Calling Line + Calling Method + Class + Classification + Critical + Date Created + Discovery Method + Last Updated + Package + Scans: + Severity Value + Status + API + Element + Scheme + Sink: + Source: + Trace + Source File + Access Complexity + Access Vector + Authentication + Availability Impact + Confidentiality Impact + CVE + CVSS + Description + Exploitability + Integrity Impact + Summary + Activities that were tested for security vulnerabilities, as defined in the app's manifest. + Issue Types that ASoC has tested your application for. + Receivers that were tested for security vulnerabilities, as defined in the app's manifest. + Services that were tested for security vulnerabilities, as defined in the app's manifest. + Titles of Views encountered when crawling the app. + Leaked Information: + Password: + User Name: + Mitigation: + Alternate Fix Suggestions + This method is a part of the application code and appears in each of the grouped issue's traces. You should begin investigating a possible fix in the implementation of the method. + This method is a third-party API, with a common caller in each of the grouped issue's traces. You should begin investigating a possible fix at the caller: + Replace/Repair Vulnerable OpenSource: + Please refer to the details of this issue for fix recommendations. 
+ Business Impact: + Created: + Security Report for: + Regulation Report for: + Notes: + - Details + - Discussion + Contains: + {0} issues + (out of {0}) + - Audit Trail + Cause: + HCL Application Security on Cloud, Version + Directory: + Constant Value: + Found in: + Informational + Low + Medium + High + Critical + User Supplied Credit Card Number: + User Supplied Id: + User Supplied Input: + User Supplied Password: + User Supplied Phone Number: + User Supplied User Name: + - Fix Recommendation + Included for each issue separately. + Port: + Application Name: + Copyleft: + Copyright Risk: + Date: + Library Name: + License Name: + Open Source Report + Licenses + Linking: + Patent Risk: + Reference Type: + Reference URL: + Risk Level: + Libraries with high risk level: + Libraries with low risk level: + Libraries with medium risk level: + Libraries with unknown risk level: + Royalty Free: + Total Open Source Libraries: + AppScan on Cloud + Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification, subject to an exception for software that dynamically links to the original code. (example: LGPL). + Anyone who distributes a modification of the code may be required to make the source code for the modification publicly available at no charge. + Licensee may use the code without restriction. + Anyone who develops a product that is based on or contains part of the code, or who modifies the code, may be required to make publicly available the source code for that product or modification if s/he (a) distributes the software or (b) enables others to use the software via hosted or web services. (example: Affero) + Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification. (example: GPL). 
+ Anyone who distributes the code must provide certain notices, attributions and/or license terms in documentation with the software. + Anyone who distributes the code must retain any attributions included in the original distribution. + Specific identified patent risks + Royalty free and no identified patent risks + No patents granted + Royalty free unless litigated + Report created at: + Report for scan: + Open source library name + Risk level + Security Report + Open Source Libraries + Unknown + Reference + In this section you’ll find more details about the fields and their values. + Disabled + Enabled + None + Automatic + Prompt + Recorded login + Unknown + (Modified) + Any + Unknown + Sample Trace + License Type + Scan Security Report + This report lists all the open source libraries found in your scan, and their associated open source Risk Levels. + + Open Source Risk Levels are not the same as the Risk Levels in Security Reports, and not related to the vulnerabilities of specific issues. + You can see if any of the libraries have known vulnerabilities in Issue Management view. + Number Of Libraries + Report Date: + Scanned under Application: + Scan Start Date: + Total Open Source License Types: + Details + Threat Classification: + Fix Groups: + Implementation of {0} + Usage of {0} via {1} + Fix Group #{0}: {1} + This section groups {0} issues of type {1} with significant commonality in the their traces. + This section groups {0} issues with significant commonality in their traces. The following issue types are included: + This section groups {0} issues of type {1} with a common opensource file. + This section groups {0} issues with a common opensource file. The following issue types are included: + These issues are grouped together to try to help you find a common fix that resolves them all. + These method calls are also common to the traces of the issues in this group. 
They represent other possible These method calls are also common to the traces of the issues in this group. They represent other possible locations to investigate a fix. + All {0} issues in this report appear to be independent, lacking the commonality required in their traces to be grouped together. They all appear in this section. + This section lists the remaining {0} issues that could not be included in any other fix groups. + The following issue types are included: + Ungrouped + Fix Recommendation + Library Version: + API: + at line + Call + Caller: + Description: + Name: + Example Trace: + File + Lost Sink + Not a Validator + Sample Trace + Publish date: + Resolution: + Source and Sink + Tainted Arg + Taint Propagator + via + Virtual Lost Sink + Test Optimization: + Normal + Optimized + Issue ID: + Compliance Security Report + Undefined + Undefined + Title: + Report Date UTC: + Fix Group ID: + Method: + Query String: + URI: + Arguments: + Call Trace: + Object: + Return: + Stack: + Type: + By Fix Groups: + By Issue Types: + Fix-Groups + Library: + Location: + Status: + Common API Call: + Common Fix Point: + Common Open Source: + Common Fix Point: + OpenSource + API: + Location of fix: + Library name: + Location of fix: + Advisory: + Custom Advisory: + Hosts + Fast + Faster + Fastest + No Optimization + How to Fix: + Report Name: + Technology: + Scan Information + General Advisory: + Finding specific advisory: + Example: + Exploit Example: + (none) + Not applicable for this issue. + HTTP Only + JS Stack Trace + Same Site + False + True + (Mixed) + Articles + CWE + Exploit example + External references + Recommendations + Language: + How to Fix + See also issue-details 'Resolution' section below. + Mitigation + Important: + Note: The number of issues found exceeded the maximum that can be shown in a single set of results. +The scan results show {0} representitive issues. 
+ Personal Scan + Personal Scans are deleted after {0} days, unless promoted to the application within that time. + Additional Information: + Fixed + In Progress + New + Noise + Open + Passed + Reopened + Definitive + Scan Coverage Findings + Suspect + Cipher Suites: + ID + Fix recommendation + Default (Production) + Default (Staging) + Default + Body + Cookie + Global + Header + Header Name + Link + Other + Page + Parameter + Parameter Name + Query + Role + Source Line + Unspecified + Critical + High + Low + Medium + Unspecified + Report for application: + This report lists all the open source libraries found in your application, and their associated open source Risk Levels. + License Details + Library Name + Version + Undefined + Critical severity issues: + Full + No + Partial + Undefined + Dynamic + Non Viral + Undefined + Viral + Alpine + Arch Linux + Bower + Build Configuration File + Details available in CDNJS + Debian + .NET + Eclipse OSGI Bundle + Details available in GitHub repository + License information in host site + License File + Node package manager + NuGet Package + Other + POM file + Project Home Page + Python Package Index + Readme File + RPM + RubyGems + License assigned manually by a user in the organization + Undefined + High + Low + Medium + Undefined + Unknown + Conditional + No + Yes + Undefined severity issues: + Last Found + CVSS Version + Total Items: + + + demo_1 + Generated by Python script + HCL + Application Security on Cloud + AltoroSAST + Medium + Tuesday, October 3, 2023 + FullReport + 60 + False + 30 + 20000 + False + ASoC + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + 0 + 0 + 1 + + + + Unencrypted Login Request + + + Autocomplete HTML Attribute Not Disabled for Password Field + + + Body Parameters Accepted in Query + + + Cookie with Insecure or Improper or Missing SameSite attribute + + + Database Error Pattern Found + + + Hidden Directory Detected + + + Insecure "OPTIONS" HTTP Method Enabled + + + Missing 
"Content-Security-Policy" header + + + Missing or insecure "X-Content-Type-Options" header + + + Temporary Directory Found + + + Java Stack Trace + + + HTML Comments Sensitive Information Disclosure + + + Missing "Referrer policy" Security Header + + + + + + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + -9130171565661200384 + + + 997983916 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 66 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +name=&login=&email=753+Main+Street&password=&--begin_highlight_tag--passwordConfirmation--end_highlight_tag--= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 7344 +Date: Tue, 03 Oct 2023 12:44:56 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + 
+<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + <div + class="alert alert-danger actionError" > + <p>Name is required</p> + <p>Login is required</p> + <p>Password is required</p> + <p>Password confirmation is required</p> + </div> + 
+ + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/><span class="glyphicon glyphicon-remove form-control-feedback"></span> +<span class="help-block alert-danger">Name is required</span></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="register_login" class="form-control" placeholder="Enter login"/><span class="glyphicon glyphicon-remove form-control-feedbac +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + mani-virtual-machine + passwordConfirmation + Parameter + /dvja-1.0-SNAPSHOT/register.action + http + mani-virtual-machine + 9000 + b0479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + 7521140967381157376 + + + 820255084 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 16 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +login=&--begin_highlight_tag--password--end_highlight_tag--= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:45:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + 
src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" 
class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/></div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + password + Parameter + /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 9f479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + 7521140967381157376 + + + -257318246 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 16 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +login=&--begin_highlight_tag--password--end_highlight_tag--= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:45:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + 
src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" 
class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/></div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + mani-virtual-machine + password + Parameter + /dvja-1.0-SNAPSHOT/login.action + http + mani-virtual-machine + 9000 + a4479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + 7521140967381157376 + + + 997983916 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 66 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +name=&login=&email=753+Main+Street&--begin_highlight_tag--password--end_highlight_tag--=&passwordConfirmation= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 7344 +Date: Tue, 03 Oct 2023 12:44:56 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + 
src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + <div + class="alert alert-danger actionError" > + <p>Name is required</p> + <p>Login is required</p> + <p>Password is required</p> + <p>Password confirmation is required</p> + </div> + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- 
s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/><span class="glyphicon glyphicon-remove form-control-feedback"></span> +<span class="help-block alert-danger">Name is required</span></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="register_login" class="form-control" placeholder="Enter login"/><span class="glyphicon glyphicon-remove form-control-feedbac +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + mani-virtual-machine + password + Parameter + /dvja-1.0-SNAPSHOT/register.action + http + mani-virtual-machine + 9000 + a9479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -2487856038611490048 + + + -225797446 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5372 +Date: Tue, 03 Oct 2023 12:46:00 GMT +Keep-Alive: timeout=20 +Connection: keep-alive +Set-Cookie: JSESSIONID=EAF388C6E55705FAE840F20CF6D76517; Path=/dvja-1.0-SNAPSHOT; HttpOnly + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> 
+<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" 
for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517'>Forgot password</a> + </div> + +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action + mani-virtual-machine + Login.action + Page + /dvja-1.0-SNAPSHOT/Login.action + http + mani-virtual-machine + 9000 + 83479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -8208387888525026816 + + + 997983916 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 6358 +Date: Tue, 03 Oct 2023 12:46:00 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" 
href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_login" >Login </label> < 
+... +... +... + + + +<div class="form-group "><label class=" control-label" for="register_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="register_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> +... +... +... + + +<div class="form-group "><label class=" control-label" for="register_passwordConfirmation" >Password Confirmation </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="passwordConfirmation" id="register_passwordConfirmation" class="form-control" placeholder="Confirm password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="register_0" class="btn btn-primary"/> +... +... +... + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + mani-virtual-machine + register.action + Page + /dvja-1.0-SNAPSHOT/register.action + http + mani-virtual-machine + 9000 + 89479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -9063651257022791936 + + + 1343776693 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:59:01 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; 
/* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" 
id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password</a> + </div> + </div> + </div> + + + </div></div></div> + <script src='/assets/showdown.min.js'></script> +<script type='text/javascript'> + var converter = new showdown.Converter(); + + $.each($('.markdown' +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Page + /dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 99479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -1708031360927527168 + + + -257318246 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 16 + +login=&password= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:59:01 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + 
src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" 
class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + mani-virtual-machine + login.action + Page + /dvja-1.0-SNAPSHOT/login.action + http + mani-virtual-machine + 9000 + 6d479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + 689984030739107840 + + + 820255084 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 16 + +login=&password= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:59:01 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> 
+<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- 
s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Page + /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 70479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -7639142632969945088 + + + 1555163623 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 6358 +Date: Tue, 03 Oct 2023 12:46:00 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* 
For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="register_l +... 
+... +... + + + +<div class="form-group "><label class=" control-label" for="register_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="register_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> +... +... +... + + +<div class="form-group "><label class=" control-label" for="register_passwordConfirmation" >Password Confirmation </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="passwordConfirmation" id="register_passwordConfirmation" class="form-control" placeholder="Confirm password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="register_0" class="btn btn-primary"/> +... +... +... + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Page + /dvja-1.0-SNAPSHOT/register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 77479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + bodyParamsInQuery + + + fix_61757 + + + bodyParamsInQuery + + + catInformationLeakage + + + 8978610419071638272 + + + 2014603372 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that the application processed body parameters that were submitted in the query + + + + + + + + + --begin_mark_tag--GET--end_mark_tag-- http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action?--begin_mark_tag--login--end_mark_tag--= HTTP/1.1 +Content-Type: application/x-www-form-urlencoded +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 4711 +Date: Tue, 03 Oct 2023 12:46:17 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" 
rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> +<div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Reset Password</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="resetPasswordStart" name="resetPasswordStart" action="/dvja-1.0-SNAPSHOT/resetPasswordStart.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="resetPasswordStart_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="resetPasswordStart_login" class="form-control" placeholder="Enter 
login name"/></div> +</div> + + <input type="submit" value="Submit" id="resetPasswordStart_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register and create new account</a> + </div> + </div> + </div> + + +</div></div></div> +<script src='/assets/showdown.min.js'></script> +<script type='text/javascript'> + var converter = new showdown.Converter(); + + $.each($('.markdown'), function(idx, val) { + txt = $(val).html(); + $(val).html(converter.makeHtml(txt)); + $(val).removeClass('markdown'); + }); +</script> + +<footer> + <div class='container'> + <div class='row'> + <hr/> + <div class='col-md-4'> + <!-- Logo --> + </div> + <div class='col-md-5'></div> + <div class='col-md-3'> + <div class='row'> + <div class='col-md-12'> +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Body Parameters Accepted in Query + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action + mani-virtual-machine + resetPasswordStart.action + Page + /dvja-1.0-SNAPSHOT/resetPasswordStart.action + http + mani-virtual-machine + 9000 + 5d479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Body Parameters Accepted in Query + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 4.7 + + AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 1275 + + attSameSiteCookie + + + fix_61797 + + + attSameSiteCookie + + + catServerMisconfiguration + + + 7372740714070585856 + + + 1005910087 + + + risk_attSameSiteCookie + + + cause_attSameSiteCookie + + + + + + The response contains Sensitive Cookie with Insecure or Improper or Missing SameSite attribute, which may lead to Cookie information leakage, which may extend to Cross-Site-Request-Forgery(CSRF) attacks if there are no additional protections in place. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5372 +Date: Tue, 03 Oct 2023 12:46:14 GMT +Keep-Alive: timeout=20 +Connection: keep-alive +--begin_highlight_tag--Set-Cookie: JSESSIONID=BFBF9769CB319FD10806E99FF49C01D9; Path=/dvja-1.0-SNAPSHOT; HttpOnly--end_highlight_tag-- + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link 
id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" 
class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/></div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9'>Forgot password</a> + </div> + +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Cookie with Insecure or Improper or Missing SameSite attribute + 4.7 + http://mani-virtual-machine:9000/ + mani-virtual-machine + JSESSIONID + Cookie + / + http + mani-virtual-machine + 9000 + 7d479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Cookie with Insecure or Improper or Missing SameSite attribute + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 4.7 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 209 + + GV_SQLErr + + + fix_52000 + + + GV_SQLErr + + + catSQLInjection + + + -2863411595602384640 + + + 820255084 + + + databaseManipulations + + + hazardousCharactersNotSanitized + + + + + + The test result seems to indicate a vulnerability because the response contains SQL Server errors. This suggests that the test managed to penetrate the application and reach the SQL query itself, by injecting hazardous characters. + + + + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 118 + +--begin_mark_tag--login=%3E%22%27%3E%3Cscript%3Ealert%288%29%3C%2Fscript%3E--end_mark_tag--&--begin_mark_tag--password=%3E%22%27%3E%3Cscript%3Ealert%288%29%3C%2Fscript%3E--end_mark_tag-- + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Tue, 03 Oct 2023 12:46:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled 
exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <ol> + <li>mysql</li> + <li>Communications link failure + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</li> + <li>Cannot open connection</li> + <li>org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + <li>Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + </ol> + </td> + </tr> + <tr> + <td><strong>File</strong>:</td> + <td>java/net/InetAddress.java</td> + </tr> + <tr> + <td><strong>Line number</strong>:</td> + <td>801</td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:382) + org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:371) + org.springfram +... +... +... 
+ +<div class="stacktrace" style="padding-left: 4em"> + <strong>org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.hibernate.exception.--begin_highlight_tag--SQLState--end_highlight_tag--Converter.convert(--begin_highlight_tag--SQLState--end_highlight_tag--Converter.java:97) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52) + org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449) + org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167) +... +... +... + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</strong> + <div> + <pre> + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) + java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) + java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) + java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) + com.mysql.jdbc.Util.handleNewInstance(Util.java:425) + com.mysql.jdbc.--begin_highlight_tag--SQLError--end_highlight_tag--.createCommunicationsException(--begin_highlight_tag--SQLError--end_highlight_tag--.java:989) + com.mysql.jdbc.MysqlIO.&lt;init&gt;(MysqlIO.java:341) + com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2192) + com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2225) + com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2024) +... +... +... 
+ + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Database Error Pattern Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Global + /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 93479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Database Error Pattern Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 209 + + GV_SQLErr + + + fix_52000 + + + GV_SQLErr + + + catSQLInjection + + + -4791768227014509568 + + + -257318246 + + + databaseManipulations + + + hazardousCharactersNotSanitized + + + + + + The test result seems to indicate a vulnerability because the response contains SQL Server errors. This suggests that the test managed to penetrate the application and reach the SQL query itself, by injecting hazardous characters. + + + + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 120 + +--begin_mark_tag--login=%3E%22%27%3E%3Cscript%3Ealert%2883%29%3C%2Fscript%3E--end_mark_tag--&--begin_mark_tag--password=%3E%22%27%3E%3Cscript%3Ealert%2883%29%3C%2Fscript%3E--end_mark_tag-- + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Tue, 03 Oct 2023 12:46:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled 
exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <ol> + <li>mysql</li> + <li>Communications link failure + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</li> + <li>Cannot open connection</li> + <li>org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + <li>Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + </ol> + </td> + </tr> + <tr> + <td><strong>File</strong>:</td> + <td>java/net/InetAddress.java</td> + </tr> + <tr> + <td><strong>Line number</strong>:</td> + <td>801</td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:382) + org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:371) + org.springfr +... +... +... 
+ +<div class="stacktrace" style="padding-left: 4em"> + <strong>org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.hibernate.exception.--begin_highlight_tag--SQLState--end_highlight_tag--Converter.convert(--begin_highlight_tag--SQLState--end_highlight_tag--Converter.java:97) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52) + org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449) + org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167) +... +... +... + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</strong> + <div> + <pre> + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) + java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) + java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) + java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) + com.mysql.jdbc.Util.handleNewInstance(Util.java:425) + com.mysql.jdbc.--begin_highlight_tag--SQLError--end_highlight_tag--.createCommunicationsException(--begin_highlight_tag--SQLError--end_highlight_tag--.java:989) + com.mysql.jdbc.MysqlIO.&lt;init&gt;(MysqlIO.java:341) + com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2192) + com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2225) + com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2024) +... +... +... 
+ + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Database Error Pattern Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + mani-virtual-machine + login.action + Global + /dvja-1.0-SNAPSHOT/login.action + http + mani-virtual-machine + 9000 + 64479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Database Error Pattern Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -7938625221554437632 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + new%20folder%20(3)/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + db479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -2503205382155987968 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~webstats/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3756 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~webstats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~webstats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~webstats/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e5479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 7485985118471464192 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + new%20folder%20(2)/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + cc479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3434462320700037632 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/lost%2bfound/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3758 +Date: Tue, 03 Oct 2023 12:51:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + lost%2bfound/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + d2479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 8443493442435834624 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~wsdocs/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3752 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~wsdocs/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~wsdocs/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~wsdocs/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + f5479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2355932850067925760 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3758 +Date: Tue, 03 Oct 2023 12:49:30 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + new%20folder/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + d8479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -4233639177803978496 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~home/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:51:23 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~home/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~home/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~home/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + fb479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -2190433128594904576 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~mnt/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:23 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~mnt/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~mnt/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~mnt/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + ff479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 3286633012251401472 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~ftp/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:27 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~ftp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~ftp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~ftp/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 43489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 998175493071363328 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~admin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3750 +Date: Tue, 03 Oct 2023 12:51:25 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~admin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~admin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~admin/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 24489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -7573424090173923072 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:57:55 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~root/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 66489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3755575570301313280 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~bin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:25 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~bin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~bin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~bin/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 2d489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 7691753758981230080 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~usr/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~usr/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~usr/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~usr/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 7b489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2039800852663005440 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/lost+found/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3758 +Date: Tue, 03 Oct 2023 12:51:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + lost+found/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 33489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 3959908500064694272 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3752 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~nobody/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 51489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2525055911627552000 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~guest/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3750 +Date: Tue, 03 Oct 2023 12:51:27 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~guest/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~guest/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~guest/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 7f489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -1817977704953128960 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~dev/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:25 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~dev/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~dev/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~dev/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 36489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3835415066125797120 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~var/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~var/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~var/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~var/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e370a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -7610265077269035520 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~etc/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:27 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~etc/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~etc/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~etc/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 3b489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -2516155524754319360 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~sbin/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 59489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -5570124136943292416 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~stats/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3750 +Date: Tue, 03 Oct 2023 12:51:20 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~stats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~stats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~stats/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 5c489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2286053589636699392 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~uucp/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:51:20 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~uucp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~uucp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~uucp/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e870a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3031704811669553664 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~tmp/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:20 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~tmp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~tmp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~tmp/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 61489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2079657952024832512 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~log/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:32 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~log/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~log/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~log/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 91489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 74 + + attDirOptions + + + fix_52760 + + + attDirOptions + + + catContentSpoofing + + + 9074251274741643008 + + + 981149721 + + + siteDefacement + + + insecureWebServerConfiguration + + + + + + The Allow header revealed that hazardous HTTP Options are allowed, indicating that WebDAV is enabled on the server. + + + + + + + + --begin_mark_tag--OPTIONS--end_mark_tag-- --begin_mark_tag--*--end_mark_tag-- HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Allow: GET, HEAD, POST, PUT, --begin_highlight_tag--DELETE--end_highlight_tag--, OPTIONS +Content-Length: 0 +Date: Tue, 03 Oct 2023 12:49:35 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Insecure "OPTIONS" HTTP Method Enabled + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + validation.min.js + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e2479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Insecure "OPTIONS" HTTP Method Enabled + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 74 + + attDirOptions + + + fix_52760 + + + attDirOptions + + + catContentSpoofing + + + -56590223318905856 + + + 1005910087 + + + siteDefacement + + + insecureWebServerConfiguration + + + + + + The Allow header revealed that hazardous HTTP Options are allowed, indicating that WebDAV is enabled on the server. + + + + + + + + --begin_mark_tag--OPTIONS--end_mark_tag-- --begin_mark_tag--*--end_mark_tag-- HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Allow: GET, HEAD, POST, PUT, --begin_highlight_tag--DELETE--end_highlight_tag--, OPTIONS +Content-Length: 0 +Date: Tue, 03 Oct 2023 12:49:35 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Insecure "OPTIONS" HTTP Method Enabled + 5.3 + http://mani-virtual-machine:9000/ + mani-virtual-machine + jquery-3.2.1.min.js + Page + / + http + mani-virtual-machine + 9000 + c6479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Insecure "OPTIONS" HTTP Method Enabled + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 1032 + + attContentSecurityPolicy + + + fix_61770 + + + attContentSecurityPolicy + + + catInformationLeakage + + + 3482120947625889792 + + + 1005910087 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + AppScan detected that the Content-Security-Policy response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Date: Tue, 03 Oct 2023 12:48:33 GMT +Expires: Wed, 04 Oct 2023 12:48:33 GMT +Retry-After: Wed, 04 Oct 2023 12:48:33 GMT +Cache-Control: public +Last-Modified: Tue, 03 Oct 2023 10:18:42 GMT +Content-Type: text/javascript +Transfer-Encoding: chunked +Keep-Alive: timeout=20 +Connection: keep-alive + +/*! + * validation.js + * + * Client Validation for Bootstrap Forms + * + * Requires use of jQuery. 
+ * Tested with jQuery 1.7 + * + * Copyright (c) 2012 Johannes Geppert http://www.jgeppert.com + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + */ +;function bootstrapValidation(a,c){a.find("div.has-error").removeClass("has-error");a.find("div.has-feedback").removeClass("has-feedback");a.find("span.s2_help_inline").remove();a.find("span.s2_feedback").remove();a.find("div.s2_validation_errors").remove();if(c.errors&&c.errors.length>0){var b=$("<div class='alert alert-danger s2_validation_errors'></div>");a.prepend(b);$.each(c.errors,function(d,e){b.append("<p>"+e+"</p>\n")})}if(c.fieldErrors){$.each(c.fieldErrors,function(e,g){var f=a.find(':input[name="'+e+'"]'),h,d;if(f&&f.length>0){f=$(f[0]);h=f.closest("div.form-group");h.addClass("has-error");h.addClass("has-feedback");d=h.find("div.controls");if(d){if(!(f.is(":radio")||f.is(":checkbox"))){d.append("<span class='glyphicon glyphicon-remove form-control-feedback s2_feedback'></span>")}d.append("<span class='help-block s2_help_inline'>"+g[0]+"</span>")}}})}}; + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Missing "Content-Security-Policy" header + 5.3 + http://mani-virtual-machine:9000/ + mani-virtual-machine + mani-virtual-machine + Page + / + http + mani-virtual-machine + 9000 + ed479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Missing "Content-Security-Policy" header + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + ContentTypeOptions + + + fix_61767 + + + ContentTypeOptions + + + catInformationLeakage + + + 3482120947625889792 + + + 1005910087 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + AppScan detected that the "X-Content-Type-Options" response header is missing or has an insecure value, which increases exposure to drive-by download attacks + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Date: Tue, 03 Oct 2023 12:48:33 GMT +Expires: Wed, 04 Oct 2023 12:48:33 GMT +Retry-After: Wed, 04 Oct 2023 12:48:33 GMT +Cache-Control: public +Last-Modified: Tue, 03 Oct 2023 10:18:42 GMT +Content-Type: text/javascript +Transfer-Encoding: chunked +Keep-Alive: timeout=20 +Connection: keep-alive + +/*! + * validation.js + * + * Client Validation for Bootstrap Forms + * + * Requires use of jQuery. 
+ * Tested with jQuery 1.7 + * + * Copyright (c) 2012 Johannes Geppert http://www.jgeppert.com + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + */ +;function bootstrapValidation(a,c){a.find("div.has-error").removeClass("has-error");a.find("div.has-feedback").removeClass("has-feedback");a.find("span.s2_help_inline").remove();a.find("span.s2_feedback").remove();a.find("div.s2_validation_errors").remove();if(c.errors&&c.errors.length>0){var b=$("<div class='alert alert-danger s2_validation_errors'></div>");a.prepend(b);$.each(c.errors,function(d,e){b.append("<p>"+e+"</p>\n")})}if(c.fieldErrors){$.each(c.fieldErrors,function(e,g){var f=a.find(':input[name="'+e+'"]'),h,d;if(f&&f.length>0){f=$(f[0]);h=f.closest("div.form-group");h.addClass("has-error");h.addClass("has-feedback");d=h.find("div.controls");if(d){if(!(f.is(":radio")||f.is(":checkbox"))){d.append("<span class='glyphicon glyphicon-remove form-control-feedback s2_feedback'></span>")}d.append("<span class='help-block s2_help_inline'>"+g[0]+"</span>")}}})}}; + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Missing or insecure "X-Content-Type-Options" header + 5.3 + http://mani-virtual-machine:9000/ + mani-virtual-machine + mani-virtual-machine + Page + / + http + mani-virtual-machine + 9000 + 55479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Missing or insecure "X-Content-Type-Options" header + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 534570368990755328 + + + -487312762 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + ~root%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + 49489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 1208790937916346624 + + + 554318100 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (2) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (2) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + mani-virtual-machine + new%20folder%20(2)%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + http + mani-virtual-machine + 9000 + 9c489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 1017469257814618112 + + + 1601399525 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~sbin (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~sbin (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + mani-virtual-machine + ~sbin%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/~sbin/ + http + mani-virtual-machine + 9000 + 54489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 2851462593435024384 + + + 529050066 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~nobody - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~nobody - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + mani-virtual-machine + ~nobody%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/~nobody/ + http + mani-virtual-machine + 9000 + 83489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 3584877058063555840 + + + 1601399525 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin/../Copy%20of%20~sbin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3764 +Date: Tue, 03 Oct 2023 12:58:44 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of ~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of ~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + mani-virtual-machine + Copy%20of%20~sbin/ + Page + /dvja-1.0-SNAPSHOT/~sbin/ + http + mani-virtual-machine + 9000 + 89489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -6926783730889400320 + + + 529050066 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:40 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~nobody (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~nobody (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + mani-virtual-machine + ~nobody%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/~nobody/ + http + mani-virtual-machine + 9000 + e570a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 6825048083280689408 + + + 554318100 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (2) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (2) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + mani-virtual-machine + new%20folder%20(2)%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + http + mani-virtual-machine + 9000 + 40489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 3961926838018766848 + + + 1601399525 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~sbin - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~sbin - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + mani-virtual-machine + ~sbin%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/~sbin/ + http + mani-virtual-machine + 9000 + 8c489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -8895992851280892928 + + + -1567672044 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)/../Copy%20of%20new%20folder%20(3)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3782 +Date: Tue, 03 Oct 2023 12:58:46 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of new folder (3)/] does not match allowed 
action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + mani-virtual-machine + Copy%20of%20new%20folder%20(3)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + http + mani-virtual-machine + 9000 + f470a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -4746773886821821696 + + + -1567672044 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (3) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (3) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + mani-virtual-machine + new%20folder%20(3)%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + http + mani-virtual-machine + 9000 + eb70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 2557566263309309184 + + + -487312762 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root/../Copy%20of%20~root/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3764 +Date: Tue, 03 Oct 2023 12:58:46 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of ~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of ~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + Copy%20of%20~root/ + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + f770a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 7915072867472056576 + + + -1567672044 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (3) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (3) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + mani-virtual-machine + new%20folder%20(3)%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + http + mani-virtual-machine + 9000 + ee70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -8059817063024404480 + + + 554318100 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)/../Copy%20of%20new%20folder%20(2)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3782 +Date: Tue, 03 Oct 2023 12:58:45 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of new folder (2)/] does not match allowed 
action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + mani-virtual-machine + Copy%20of%20new%20folder%20(2)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + http + mani-virtual-machine + 9000 + fa70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -7221649384859903232 + + + -487312762 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + ~root%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + f170a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 5702841732333411328 + + + 529050066 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody/../Copy%20of%20~nobody/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3768 +Date: Tue, 03 Oct 2023 12:58:46 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of ~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of ~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + mani-virtual-machine + Copy%20of%20~nobody/ + Page + /dvja-1.0-SNAPSHOT/~nobody/ + http + mani-virtual-machine + 9000 + fd70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Low + 1 + 2.2 + + AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 209 + + JavaStackTraceIssue + + + fix_JavaStackTrace + + + JavaStackTraceIssue + + + catInformationLeakage + + + 1733046179033861888 + + + -487312762 + + + sensitiveInformation + + + WB_InformationLeakage + + + + + + The response contains Java stack trace payload + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:57:55 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! 
- [unknown location]</strong> + <div> + <pre>--begin_highlight_tag-- + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)--end_highlight_tag-- + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)--begin_highlight_tag-- + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)--end_highlight_tag-- + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)--begin_highlight_tag-- + java.base/java.lang.Thread.run(Thread.java:833)--end_highlight_tag-- + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Java Stack Trace + 2.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + e8479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Java Stack Trace + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Low + Cvss: → 2.2 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Informational + 0 + 0.0 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 615 + + attSensitiveInHtmlComments + + + fix_50750 + + + attSensitiveInHtmlComments + + + catInformationLeakage + + + -1930113050999901184 + + + 1005910087 + + + sensitiveInformation + + + debugInfoInHtmlSource + + + + + + AppScan discovered HTML comments containing what appears to be sensitive information. + + + + + GET http://mani-virtual-machine:9000/ HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Accept-Ranges: bytes +ETag: W/"1895-1693306356621" +Last-Modified: Tue, 29 Aug 2023 10:52:36 GMT +Content-Type: text/html +Content-Length: 1895 +Date: Tue, 03 Oct 2023 12:51:05 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> + <title>Apache Tomcat</title> +</head> + +<body> +<h1>It works !</h1> + +<p>If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p> + +<p>This is the default Tomcat home page. 
It can be found on the local filesystem at: <code>/var/lib/tomcat9/webapps/ROOT/index.html</code></p> + +<p>Tomcat veterans might be pleased to learn that this system instance of Tomcat is installed with <code>CATALINA_HOME</code> in <code>/usr/share/tomcat9</code> and <code>CATALINA_BASE</code> in <code>/var/lib/tomcat9</code>, following the rules from <code>/usr/share/doc/tomcat9-common/RUNNING.txt.gz</code>.</p> + +<p>You might consider installing the following packages, if you haven't already done so:</p> + +<p><b>tomcat9-docs</b>: This package installs a web application that allows to browse the Tomcat 9 documentation locally. Once installed, you can access it by clicking <a href="docs/">here</a>.</p> + +<p><b>tomcat9-examples</b>: This package installs a web application that allows to access the Tomcat 9 Servlet and JSP examples. Once installed, you can access it by clicking <a href="examples/">here</a>.</p> + +<p><b>tomcat9-admin</b>: This package installs two web applications that can help managing this Tomcat instance. Once installed, you can access the <a href="manager/html">manager webapp</a> and the <a href="host-manager/html">host-manager webapp</a>.</p> + +<p>NOTE: For security reasons, using the manager webapp is restricted to users with role "manager-gui". The host-manager webapp is restricted to users with role "admin-gui". Users are defined in <code>/etc/tomcat9/tomcat-users.xml</code>.</p> + +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + HTML Comments Sensitive Information Disclosure + 0.0 + http://mani-virtual-machine:9000/ + mani-virtual-machine + <?xml version="1.0" encoding="ISO-8859-1"?> + Page + / + http + mani-virtual-machine + 9000 + bf479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → HTML Comments Sensitive Information Disclosure + Location: → http://mani-virtual-machine:9000/ + Severity: → Informational + Cvss: → 0.0 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+ + Informational + 0 + 0.0 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attReferrerPolicyHeaderExist + + + fix_61771 + + + attReferrerPolicyHeaderExist + + + catInformationLeakage + + + 3482120947625889792 + + + 1005910087 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + AppScan detected that the Referrer Policy Response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks + + + + + GET http://mani-virtual-machine:9000/docs/ HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/ +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 404 +Content-Type: text/html;charset=utf-8 +Content-Language: en +Content-Length: 769 +Date: Tue, 03 Oct 2023 12:43:54 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;docs&#47;] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache 
Tomcat/9.0.58 (Ubuntu)</h3></body></html> + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Missing "Referrer policy" Security Header + 0.0 + http://mani-virtual-machine:9000/ + mani-virtual-machine + mani-virtual-machine + Page + / + http + mani-virtual-machine + 9000 + b9479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
+ IssueTypeName: → Missing "Referrer policy" Security Header + Location: → http://mani-virtual-machine:9000/ + Severity: → Informational + Cvss: → 0.0 + Scanner: → AppScan Dynamic Analyzer +
+
+
+
+
+ + + + Authentication.Credentials.Unprotected.Transport + Unencrypted Login Request + + SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents. Login pages should always employ SSL to protect the user name and password while they are in transit from the client to the server. Lack of SSL use exposes the user credentials as clear text during transmission to the server and thus makes the credentials susceptible to eavesdropping. + + + Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier. + + + + GDautocompleteInForm + Autocomplete HTML Attribute Not Disabled for Password Field + 522 + + N/A + + + Insecure web application programming or configuration + + + It may be possible to bypass the web application's authentication mechanism + The "autocomplete" attribute has been standardized in the HTML5 standard. W3C's site states that the attribute has two states, "on" and "off", and that omitting it altogether is equivalent to setting it to "on". + + This page is vulnerable since it does not set the "autocomplete" attribute to "off" for the "password" field in the "input" element. + This may enable an unauthorized user (with local access to an authorized client) to autofill the username and password fields, and thus log in to the site. 
+ + + If the "autocomplete" attribute is missing in the "password" field of the "input" element, add it and set it to "off". + If the "autocomplete" attribute is set to "on", change it to "off". + + For example: + + Vulnerable site: + <form action="AppScan.html" method="get"> + Username: <input type="text" name="firstname" /><br /> + Password: <input type="password" name="lastname" /> + <input type="submit" value="Submit" /> + <form> + + + Non-vulnerable site: + <form action="AppScan.html" method="get"> + Username: <input type="text" name="firstname" /><br /> + Password: <input type="password" name="lastname" autocomplete="off"/> + <input type="submit" value="Submit" /> + <form> + + + + + bodyParamsInQuery + Body Parameters Accepted in Query + 200 + + This issue may affect different types of products. + + + Insecure web application programming or configuration + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations + It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. + GET requests are designed to query the server, while POST requests are for submitting data. + However, aside from the technical purpose, attacking query parameters is easier than body parameters, because sending a link to the original site, or posting it in a blog or comment, is easier and has better results than the alternative - in order to attack a request with body parameters, an attacker would need to create a page containing a form that will be submitted when visited by the victim. + It is a lot harder to convince the victim to visit a page that he doesn't know, than letting him visit the original site. It it therefore not recommended to support body parameters that arrive in the query string. 
+ + + Re-program the application to disallow handling of POST parameters that were listed in the Query + + + + GET + http://tools.ietf.org/html/rfc7231#section-4.3.1 + external + + + POST + http://tools.ietf.org/html/rfc7231#section-4.3.3 + external + + + + + attSameSiteCookie + Cookie with Insecure or Improper or Missing SameSite attribute + 1275 + + This issue may affect different types of products. + + + Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute + + + Prevent Cookie information leakage by restricting cookies to first-party or same-site context + Attacks can extend to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens). + The SameSite attribute controls how cookies are sent for cross-domain requests. + + The attribute may have three values: 'Lax', 'Strict', or 'None'. If 'None' is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. + + This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens). + + Modes and their uses: + 'Lax' mode: the cookie will only be sent with a top-level get request. + 'Strict' mode; the cookie will not be sent with any cross-site usage even if the user follows a link to another website. + 'None' mode: the cookie will be sent with the cross-site requests. + + The attribute having: 'Lax' or 'None' must have 'Secure' Flag set and must be transferred over https. + Example - Set-Cookie: key=value; SameSite=Lax;Secure + + Setting attribute to 'Strict' is the recommended option. + Example - Set-Cookie: key=value; SameSite=Strict + + + [1] Review possible solutions for configuring SameSite Cookie attribute to recommended values. + [2] Restrict Cookies to a first-party or same-site context. 
+ [3] Verify and set the SameSite attribute of your cookie to Strict, to ensure that the cookie will only be sent in a first-party context. + [4] Or, if you want to relax the restrictions of first-party context, then verify and set the SameSite attribute of the cookie to Lax with Secure Flag enabled and transferred over HTTPS. + + + + WASC Threat Classification: Information Leakage + http://www.webappsec.org/projects/threat/classes/information_leakage.shtml + external + + + SameSite Cookies + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + external + + + + + GVSQLErr + Database Error Pattern Found + 209 + + This issue may affect different types of products. + + + Sanitation of hazardous characters was not performed correctly on user input + + + It is possible to view, modify or delete database entries and tables + AppScan discovered Database Errors in the test response, that may have been triggered by an attack other than SQL Injection. + It is possible, though not certain, that this error indicates a possible SQL Injection vulnerability in the application. + If it does, please read the following SQL Injection advisory carefully. + + The software constructs all or part of an SQL command using externally-influenced input, but it incorrectly neutralizes special elements that could modify the intended SQL command when sent to the database. + + Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, and possibly including execution of system commands. 
+ + For example, let's say we have an HTML page with a login form, which eventually runs the following SQL query on the database using the user input: + SELECT * FROM accounts WHERE username='$user' AND password='$pass' + + The two variables, $user and $pass, contain the user credentials entered by the user in the login form. + Therefore, if the user has input "jsmith" as the username, and "Demo1234" as the password, the SQL query will look like this: + SELECT * FROM accounts WHERE username='jsmith' AND password='Demo1234' + + But if the user input "'" (a single apostrophe) as the username, and "'" (a single apostrophe) as the password, the SQL query will look like this: + SELECT * FROM accounts WHERE username=''' AND password=''' + + This, of course, is a malformed SQL query, and will invoke an error message, which may be returned in the HTTP response. + An error such as this informs the attacker that an SQL Injection has succeeded, which will lead the attacker to attempt further attack vectors. + + Sample Exploit: + The following C# code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user. + ... + string userName = ctx.getAuthenticatedUserName(); + string query = "SELECT * FROM items WHERE owner = "'" + + userName + "' AND itemname = '" + + ItemName.Text + "'"; + sda = new SqlDataAdapter(query, conn); + DataTable dt = new DataTable(); + sda.Fill(dt); + ... + + The query that this code intends to execute follows: + SELECT * FROM items WHERE owner = AND itemname = ; + + However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. 
If an attacker with the user name wiley enters the string "name' OR 'a'='a" for itemName, then the query becomes the following: + SELECT * FROM items WHERE owner = 'wiley' AND itemname = 'name' OR 'a'='a'; + + The addition of the OR 'a'='a' condition causes the where clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query: + SELECT * FROM items; + + + + There are several mitigation techniques: + [1] Strategy: Libraries or Frameworks + Use a vetted library or framework that does not allow this weakness to occur, or provides constructs that make it easier to avoid. + + [2] Strategy: Parameterization + If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated. + + [3] Strategy: Environment Hardening + Run your code using the lowest privileges that are required to accomplish the necessary tasks. + + [4] Strategy: Output Encoding + If you need to use dynamically-generated query strings or commands in spite of the risk, properly quote arguments and escape any special characters within those arguments. + + [5] Strategy: Input Validation + Assume all input is malicious. Use an "accept known good" input validation strategy: a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on blacklisting malicious or malformed inputs. However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright. 
+ Here are two possible ways to protect your web application against SQL injection attacks: + + [1] Use a stored procedure rather than dynamically built SQL query string. The way parameters are passed to SQL Server stored procedures, prevents the use of apostrophes and hyphens. + + Here is a simple example of how to use stored procedures in ASP.NET: + + ' Visual Basic example + Dim DS As DataSet + Dim MyConnection As SqlConnection + Dim MyCommand As SqlDataAdapter + + Dim SelectCommand As String = "select * from users where username = @username" + ... + MyCommand.SelectCommand.Parameters.Add(New SqlParameter("@username", SqlDbType.NVarChar, 20)) + MyCommand.SelectCommand.Parameters("@username").Value = UserNameField.Value + + + // C# example + String selectCmd = "select * from Authors where state = @username"; + SqlConnection myConnection = new SqlConnection("server=..."); + SqlDataAdapter myCommand = new SqlDataAdapter(selectCmd, myConnection); + + myCommand.SelectCommand.Parameters.Add(new SqlParameter("@username", SqlDbType.NVarChar, 20)); + myCommand.SelectCommand.Parameters["@username"].Value = UserNameField.Value; + + + [2] You can add input validation to Web Forms pages by using validation controls. Validation controls provide an easy-to-use mechanism for all common types of standard validation - for example, testing for valid dates or values within a range - plus ways to provide custom-written validation. In addition, validation controls allow you to completely customize how error information is displayed to the user. Validation controls can be used with any controls that are processed in a Web Forms page's class file, including both HTML and Web server controls. + + In order to make sure user input contains only valid values, you can use one of the following validation controls: + + a. "RangeValidator": checks that a user's entry (value) is between specified lower and upper boundaries. 
You can check ranges within pairs of numbers, alphabetic characters, and dates. + + b. "RegularExpressionValidator": checks that the entry matches a pattern defined by a regular expression. This type of validation allows you to check for predictable sequences of characters, such as those in social security numbers, e-mail addresses, telephone numbers, postal codes, and so on. + + Important note: validation controls do not block user input or change the flow of page processing; they only set an error state, and produce error messages. It is the programmer's responsibility to test the state of the controls in the code before performing further application-specific actions. + + There are two ways to check for user input validity: + + 1. Testing for a general error state: + + In your code, test the page's IsValid property. This property rolls up the values of the IsValid properties of all the validation controls on the page (using a logical AND). If one of the validation controls is set to invalid, the page's property will return false. + + 2. Testing for the error state of individual controls: + + Loop through the page's Validators collection, which contains references to all the validation controls. You can then examine the IsValid property of each validation control. + ** Prepared Statements: + + There are 3 possible ways to protect your application against SQL injection, i.e. malicious tampering of SQL parameters. Instead of dynamically building SQL statements, use: + + [1] PreparedStatement, which is precompiled and stored in a pool of PreparedStatement objects. PreparedStatement defines setters to register input parameters that are compatible with the supported JDBC SQL data types. For example, setString should be used for input parameters of type VARCHAR or LONGVARCHAR (refer to the Java API for further details). This way of setting input parameters prevents an attacker from manipulating the SQL statement through injection of bad characters, such as apostrophe. 
+ + Example of how to use a PreparedStatement in J2EE: + + // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareStatement("select * from users where username = ?"); + myStatement.setString(1, userNameField); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } + + + [2] CallableStatement, which extends PreparedStatement to execute database SQL stored procedures. This class inherits input setters from PreparedStatement (see [1] above). + + The following example assumes that this database stored procedure has been created: + + CREATE PROCEDURE select_user (@username varchar(20)) + AS SELECT * FROM USERS WHERE USERNAME = @username; + + Example of how to use a CallableStatement in J2EE to execute the above stored procedure: + + // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... 
+ } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareCall("{?= call select_user ?,?}"); + myStatement.setString(1, userNameField); + myStatement.registerOutParameter(1, Types.VARCHAR); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } + + + [3] Entity Bean, which represents an EJB business object in a persistent storage mechanism. There are two types of entity beans: bean-managed and container-managed. With bean-managed persistence, the developer is responsible of writing the SQL code to access the database (refer to sections [1] and [2] above). With container-managed persistence, the EJB container automatically generates the SQL code. As a result, the container is responsible of preventing malicious attempts to tamper with the generated SQL code. + + Example of how to use an Entity Bean in J2EE: + + // J2EE EJB Example + try { + // lookup the User home interface + UserHome userHome = (UserHome)context.lookup(User.class); + // find the User remote interface + User = userHome.findByPrimaryKey(new UserKey(userNameField)); + ... + } catch (Exception e) { + ... + } + + + RECOMMENDED JAVA TOOLS + N/A + + REFERENCES + + https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html + https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html + external + + + https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html + https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html + external + + + + ** Input Data Validation: + + While data validations may be provided as a user convenience on the client-tier, data validation must be performed on the server-tier using Servlets. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript. 
+ + A good design usually requires the web application framework to provide server-side utility routines to validate the following: + [1] Required field + [2] Field data type (all HTTP request parameters are Strings by default) + [3] Field length + [4] Field range + [5] Field options + [6] Field pattern + [7] Cookie values + [8] HTTP Response + + A good practice is to implement the above routine as static methods in a "Validator" utility class. The following sections describe an example validator class. + + [1] Required field + Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. + + Example of how to validate required fields: + + // Java example to validate required fields + public Class Validator { + ... + public static boolean validateRequired(String value) { + boolean isFieldValid = false; + if (value != null && value.trim().length() > 0) { + isFieldValid = true; + } + return isFieldValid; + } + ... + } + ... + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateRequired(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } + + + [2] Field data type + In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. Use the Java primitive wrapper classes to check if the field value can be safely converted to the desired primitive data type. + + Example of how to validate a numeric field (type int): + + // Java example to validate that a field is an int number + public Class Validator { + ... + public static boolean validateInt(String value) { + boolean isFieldValid = false; + try { + Integer.parseInt(value); + isFieldValid = true; + } catch (Exception e) { + isFieldValid = false; + } + return isFieldValid; + } + ... + } + ... 
+ // check if the HTTP request parameter is of type int + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } + + + A good practice is to convert all HTTP request parameters to their respective data types. For example, the developer should store the "integerValue" of a request parameter in a request attribute and use it as shown in the following example: + + // Example to convert the HTTP request parameter to a primitive wrapper data type + // and store this value in a request attribute for further processing + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // convert fieldValue to an Integer + Integer integerValue = Integer.getInteger(fieldValue); + // store integerValue in a request attribute + request.setAttribute("fieldName", integerValue); + } + ... + // Use the request attribute for further processing + Integer integerValue = (Integer)request.getAttribute("fieldName"); + ... + + + The primary Java data types that the application should handle: + - Byte + - Short + - Integer + - Long + - Float + - Double + - Date + + [3] Field length + Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length. + + Example to validate that the length of the userName field is between 8 and 20 characters: + + // Example to validate the field length + public Class Validator { + ... + public static boolean validateLength(String value, int minLength, int maxLength) { + String validatedValue = value; + if (!validateRequired(value)) { + validatedValue = ""; + } + return (validatedValue.length() >= minLength && + validatedValue.length() <= maxLength); + } + ... + } + ... 
+ String userName = request.getParameter("userName"); + if (Validator.validateRequired(userName)) { + if (Validator.validateLength(userName, 8, 20)) { + // userName is valid, continue further processing + ... + } + } + + + [4] Field range + Always ensure that the input parameter is within a range as defined by the functional requirements. + + Example to validate that the input numberOfChoices is between 10 and 20: + + // Example to validate the field range + public Class Validator { + ... + public static boolean validateRange(int value, int min, int max) { + return (value >= min && value <= max); + } + ... + } + ... + String fieldValue = request.getParameter("numberOfChoices"); + if (Validator.validateRequired(fieldValue)) { + if (Validator.validateInt(fieldValue)) { + int numberOfChoices = Integer.parseInt(fieldValue); + if (Validator.validateRange(numberOfChoices, 10, 20)) { + // numberOfChoices is valid, continue processing request + ... + } + } + } + + + [5] Field options + Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements. + + Example to validate the user selection against a list of allowed options: + + // Example to validate user selection against a list of options + public Class Validator { + ... + public static boolean validateOption(Object[] options, Object value) { + boolean isValidValue = false; + try { + List list = Arrays.asList(options); + if (list != null) { + isValidValue = list.contains(value); + } + } catch (Exception e) { + } + return isValidValue; + } + ... + } + ... 
+ // Allowed options + String[] options = {"option1", "option2", "option3"); + // Verify that the user selection is one of the allowed options + String userSelection = request.getParameter("userSelection"); + if (Validator.validateOption(options, userSelection)) { + // valid user selection, continue processing request + ... + } + + + [6] Field pattern + Always check that the user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression: + ^[a-zA-Z0-9]*$ + + Java 1.3 or earlier versions do not include any regular expression packages. Apache Regular Expression Package (see Resources below) is recommended for use with Java 1.3 to resolve this lack of support. Example to perform regular expression validation: + + // Example to validate that a given value matches a specified pattern + // using the Apache regular expression package + import org.apache.regexp.RE; + import org.apache.regexp.RESyntaxException; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + RE r = new RE(expression); + match = r.match(value); + } + return match; + } + ... + } + ... + // Verify that the userName request parameter is alpha-numeric + String userName = request.getParameter("userName"); + if (Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + // userName is valid, continue processing request + ... + } + + + Java 1.4 introduced a new regular expression package (java.util.regex). Here is a modified version of Validator.matchPattern using the new Java 1.4 regular expression package: + + // Example to validate that a given value matches a specified pattern + // using the Java 1.4 regular expression package + import java.util.regex.Pattern; + import java.util.regexe.Matcher; + public Class Validator { + ... 
+ public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + match = Pattern.matches(expression, value); + } + return match; + } + ... + } + + + [7] Cookie value + Use the javax.servlet.http.Cookie object to validate the cookie value. The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc. + + Example to validate a required cookie value: + + // Example to validate a required cookie value + // First retrieve all available cookies submitted in the HTTP request + Cookie[] cookies = request.getCookies(); + if (cookies != null) { + // find the "user" cookie + for (int i=0; i<cookies.length; ++i) { + if (cookies[i].getName().equals("user")) { + // validate the cookie value + if (Validator.validateRequired(cookies[i].getValue()) { + // valid cookie value, continue processing request + ... + } + } + } + } + + + [8] HTTP Response + [8-1] Filter user input + To guard the application against cross-site scripting, sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters: + < > " ' % ; ) ( & + + + Example to filter a specified string by converting sensitive characters to their corresponding character entities: + + // Example to filter sensitive data to prevent cross-site scripting + public Class Validator { + ... 
+ public static String filter(String value) { + if (value == null) { + return null; + } + StringBuffer result = new StringBuffer(value.length()); + for (int i=0; i<value.length(); ++i) { + switch (value.charAt(i)) { + case '<': + result.append("<"); + break; + case '>': + result.append(">"); + break; + case '"': + result.append("""); + break; + case '\'': + result.append("'"); + break; + case '%': + result.append("%"); + break; + case ';': + result.append(";"); + break; + case '(': + result.append("("); + break; + case ')': + result.append(")"); + break; + case '&': + result.append("&"); + break; + case '+': + result.append("+"); + break; + default: + result.append(value.charAt(i)); + break; + } + return result; + } + ... + } + ... + // Filter the HTTP response using Validator.filter + PrintWriter out = response.getWriter(); + // set output response + out.write(Validator.filter(response)); + out.close(); + + + The Java Servlet API 2.3 introduced Filters, which supports the interception and transformation of HTTP requests or responses. + + Example of using a Servlet Filter to sanitize the response using Validator.filter: + + // Example to filter all sensitive characters in the HTTP response using a Java Filter. + // This example is for illustration purposes since it will filter all content in the response, including HTML tags! + public class SensitiveCharsFilter implements Filter { + ... + public void doFilter(ServletRequest request, + ServletResponse response, + FilterChain chain) + throws IOException, ServletException { + + PrintWriter out = response.getWriter(); + ResponseWrapper wrapper = new ResponseWrapper((HttpServletResponse)response); + chain.doFilter(request, wrapper); + + CharArrayWriter caw = new CharArrayWriter(); + caw.write(Validator.filter(wrapper.toString())); + + response.setContentType("text/html"); + response.setContentLength(caw.toString().length()); + out.write(caw.toString()); + out.close(); + } + ... 
+ public class CharResponseWrapper extends HttpServletResponseWrapper { + private CharArrayWriter output; + + public String toString() { + return output.toString(); + } + + public CharResponseWrapper(HttpServletResponse response){ + super(response); + output = new CharArrayWriter(); + } + + public PrintWriter getWriter(){ + return new PrintWriter(output); + } + } + } + + } + + + [8-2] Secure the cookie + When storing sensitive data in a cookie, make sure to set the secure flag of the cookie in the HTTP response, using Cookie.setSecure(boolean flag) to instruct the browser to send the cookie using a secure protocol, such as HTTPS or SSL. + + Example to secure the "user" cookie: + + // Example to secure a cookie, i.e. instruct the browser to + // send the cookie using a secure protocol + Cookie cookie = new Cookie("user", "sensitive"); + cookie.setSecure(true); + response.addCookie(cookie); + + + RECOMMENDED JAVA TOOLS + The two main Java frameworks for server-side validation are: + [1] Jakarta Commons Validator (integrated with Struts 1.1) + The Jakarta Commons Validator is a powerful framework that implements all the above data validation requirements. These rules are configured in an XML file that defines input validation rules for form fields. Struts supports output filtering of dangerous characters in the [8] HTTP Response by default on all data written using the Struts 'bean:write' tag. This filtering may be disabled by setting the 'filter=false' flag. + + Struts defines the following basic input validators, but custom validators may also be defined: + required: succeeds if the field contains any characters other than white space. + mask: succeeds if the value matches the regular expression given by the mask attribute. + range: succeeds if the value is within the values given by the min and max attributes ((value >= min) & (value <= max)). + maxLength: succeeds if the field is length is less than or equal to the max attribute. 
+ minLength: succeeds if the field is length is greater than or equal to the min attribute. + byte, short, integer, long, float, double: succeeds if the value can be converted to the corresponding primitive. + date: succeeds if the value represents a valid date. A date pattern may be provided. + creditCard: succeeds if the value could be a valid credit card number. + e-mail: succeeds if the value could be a valid e-mail address. + + Example to validate the userName field of a loginForm using Struts Validator: + <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> + + + [2] JavaServer Faces Technology + JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events and input validation. 
+ + The JavaServer Faces API implements the following basic validators, but custom validators may be defined: + validate_doublerange: registers a DoubleRangeValidator on a component + validate_length: registers a LengthValidator on a component + validate_longrange: registers a LongRangeValidator on a component + validate_required: registers a RequiredValidator on a component + validate_stringrange: registers a StringRangeValidator on a component + validator: registers a custom Validator on a component + + The JavaServer Faces API defines the following UIInput and UIOutput Renderers (Tags): + input_date: accepts a java.util.Date formatted with a java.text.Date instance + output_date: displays a java.util.Date formatted with a java.text.Date instance + input_datetime: accepts a java.util.Date formatted with a java.text.DateTime instance + output_datetime: displays a java.util.Date formatted with a java.text.DateTime instance + input_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat + output_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat + input_text: accepts a text string of one line. + output_text: displays a text string of one line. 
+ input_time: accepts a java.util.Date, formatted with a java.text.DateFormat time instance + output_time: displays a java.util.Date, formatted with a java.text.DateFormat time instance + input_hidden: allows a page author to include a hidden variable in a page + input_secret: accepts one line of text with no spaces and displays it as a set of asterisks as it is typed + input_textarea: accepts multiple lines of text + output_errors: displays error messages for an entire page or error messages associated with a specified client identifier + output_label: displays a nested component as a label for a specified input field + output_message: displays a localized message + + Example to validate the userName field of a loginForm using JavaServer Faces: + <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> + + + + REFERENCES + Java API 1.3 - + + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + external + + Java API 1.4 - + + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + external + + Java Servlet API 2.3 - + + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + 
https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + external + + Java Regular Expression Package - + + http://jakarta.apache.org/regexp/ + http://jakarta.apache.org/regexp/ + external + + Jakarta Validator - + + http://jakarta.apache.org/commons/validator/ + http://jakarta.apache.org/commons/validator/ + external + + JavaServer Faces Technology - + + http://www.javaserverfaces.org/ + http://www.javaserverfaces.org/ + external + + + ** Error Handling: + + Many J2EE web application architectures follow the Model View Controller (MVC) pattern. In this pattern a Servlet acts as a Controller. A Servlet delegates the application processing to a JavaBean such as an EJB Session Bean (the Model). The Servlet then forwards the request to a JSP (View) to render the processing results. Servlets should check all input, output, return codes, error codes and known exceptions to ensure that the expected processing actually occurred. + + While data validation protects applications against malicious data tampering, a sound error handling strategy is necessary to prevent the application from inadvertently disclosing internal error messages such as exception stack traces. A good error handling strategy addresses the following items: + + [1] Defining Errors + [2] Reporting Errors + [3] Rendering Errors + [4] Error Mapping + + [1] Defining Errors + Hard-coded error messages in the application layer (e.g. Servlets) should be avoided. Instead, the application should use error keys that map to known application failures. A good practice is to define error keys that map to validation rules for HTML form fields or other bean properties. 
For example, if the "user_name" field is required, is alphanumeric, and must be unique in the database, then the following error keys should be defined: + + (a) ERROR_USERNAME_REQUIRED: this error key is used to display a message notifying the user that the "user_name" field is required; + (b) ERROR_USERNAME_ALPHANUMERIC: this error key is used to display a message notifying the user that the "user_name" field should be alphanumeric; + (c) ERROR_USERNAME_DUPLICATE: this error key is used to display a message notifying the user that the "user_name" value is a duplicate in the database; + (d) ERROR_USERNAME_INVALID: this error key is used to display a generic message notifying the user that the "user_name" value is invalid; + + A good practice is to define the following framework Java classes which are used to store and report application errors: + + - ErrorKeys: defines all error keys + + // Example: ErrorKeys defining the following error keys: + // - ERROR_USERNAME_REQUIRED + // - ERROR_USERNAME_ALPHANUMERIC + // - ERROR_USERNAME_DUPLICATE + // - ERROR_USERNAME_INVALID + // ... + public Class ErrorKeys { + public static final String ERROR_USERNAME_REQUIRED = "error.username.required"; + public static final String ERROR_USERNAME_ALPHANUMERIC = "error.username.alphanumeric"; + public static final String ERROR_USERNAME_DUPLICATE = "error.username.duplicate"; + public static final String ERROR_USERNAME_INVALID = "error.username.invalid"; + ... + } + + - Error: encapsulates an individual error + + // Example: Error encapsulates an error key. + // Error is serializable to support code executing in multiple JVMs. 
+ public Class Error implements Serializable { + + // Constructor given a specified error key + public Error(String key) { + this(key, null); + } + + // Constructor given a specified error key and array of placeholder objects + public Error(String key, Object[] values) { + this.key = key; + this.values = values; + } + + // Returns the error key + public String getKey() { + return this.key; + } + + // Returns the placeholder values + public Object[] getValues() { + return this.values; + } + + private String key = null; + private Object[] values = null; + } + + + - Errors: encapsulates a Collection of errors + + // Example: Errors encapsulates the Error objects being reported to the presentation layer. + // Errors are stored in a HashMap where the key is the bean property name and value is an + // ArrayList of Error objects. + public Class Errors implements Serializable { + + // Adds an Error object to the Collection of errors for the specified bean property. + public void addError(String property, Error error) { + ArrayList propertyErrors = (ArrayList)errors.get(property); + if (propertyErrors == null) { + propertyErrors = new ArrayList(); + errors.put(property, propertyErrors); + } + propertyErrors.put(error); + } + + // Returns true if there are any errors + public boolean hasErrors() { + return (errors.size > 0); + } + + // Returns the Errors for the specified property + public ArrayList getErrors(String property) { + return (ArrayList)errors.get(property); + } + + private HashMap errors = new HashMap(); + } + + + Using the above framework classes, here is an example to process validation errors of the "user_name" field: + + // Example to process validation errors of the "user_name" field. 
+ Errors errors = new Errors(); + String userName = request.getParameter("user_name"); + // (a) Required validation rule + if (!Validator.validateRequired(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_REQUIRED)); + } // (b) Alpha-numeric validation rule + else if (!Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_ALPHANUMERIC)); + } + else + { + // (c) Duplicate check validation rule + // We assume that there is an existing UserValidationEJB session bean that implements + // a checkIfDuplicate() method to verify if the user already exists in the database. + try { + ... + if (UserValidationEJB.checkIfDuplicate(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE)); + } + } catch (RemoteException e) { + // log the error + logger.error("Could not validate user for specified userName: " + userName); + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE); + } + } + // set the errors object in a request attribute called "errors" + request.setAttribute("errors", errors); + ... + + + [2] Reporting Errors + There are two ways to report web-tier application errors: + (a) Servlet Error Mechanism + (b) JSP Error Mechanism + + [2-a] Servlet Error Mechanism + A Servlet may report errors by: + - forwarding to the input JSP (having already stored the errors in a request attribute), OR + - calling response.sendError with an HTTP error code argument, OR + - throwing an exception + + It is good practice to process all known application errors (as described in section [1]), store them in a request attribute, and forward to the input JSP. The input JSP should display the error messages and prompt the user to re-enter the data. 
The following example illustrates how to forward to an input JSP (userInput.jsp): + + // Example to forward to the userInput.jsp following user validation errors + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd != null) { + rd.forward(request, response); + } + + + If the Servlet cannot forward to a known JSP page, the second option is to report an error using the response.sendError method with HttpServletResponse.SC_INTERNAL_SERVER_ERROR (status code 500) as argument. Refer to the javadoc of javax.servlet.http.HttpServletResponse for more details on the various HTTP status codes. Example to return a HTTP error: + + // Example to return a HTTP error code + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd == null) { + // messages is a resource bundle with all message keys and values + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + messages.getMessage(ErrorKeys.ERROR_USERNAME_INVALID)); + } + + + As a last resort, Servlets can throw an exception, which must be a subclass of one of the following classes: + - RuntimeException + - ServletException + - IOException + + [2-b] JSP Error Mechanism + JSP pages provide a mechanism to handle runtime exceptions by defining an errorPage directive as shown in the following example: + + <%@ page errorPage="/errors/userValidation.jsp" %> + + + Uncaught JSP exceptions are forwarded to the specified errorPage, and the original exception is set in a request parameter called javax.servlet.jsp.jspException. The error page must include a isErrorPage directive as shown below: + + <%@ page isErrorPage="true" %> + + + The isErrorPage directive causes the "exception" variable to be initialized to the exception object being thrown. 
+ + [3] Rendering Errors + The J2SE Internationalization APIs provide utility classes for externalizing application resources and formatting messages including: + + (a) Resource Bundles + (b) Message Formatting + + [3-a] Resource Bundles + Resource bundles support internationalization by separating localized data from the source code that uses it. Each resource bundle stores a map of key/value pairs for a specific locale. + + It is common to use or extend java.util.PropertyResourceBundle, which stores the content in an external properties file as shown in the following example: + + ################################################ + # ErrorMessages.properties + ################################################ + # required user name error message + error.username.required=User name field is required + + # invalid user name format + error.username.alphanumeric=User name must be alphanumeric + + # duplicate user name error message + error.username.duplicate=User name {0} already exists, please choose another one + + ... + + + Multiple resources can be defined to support different locales (hence the name resource bundle). For example, ErrorMessages_fr.properties can be defined to support the French member of the bundle family. If the resource member of the requested locale does not exist, the default member is used. In the above example, the default resource is ErrorMessages.properties. Depending on the user's locale, the application (JSP or Servlet) retrieves content from the appropriate resource. + + [3-b] Message Formatting + The J2SE standard class java.util.MessageFormat provides a generic way to create messages with replacement placeholders. 
A MessageFormat object contains a pattern string with embedded format specifiers as shown below: + + // Example to show how to format a message using placeholder parameters + String pattern = "User name {0} already exists, please choose another one"; + String userName = request.getParameter("user_name"); + Object[] args = new Object[1]; + args[0] = userName; + String message = MessageFormat.format(pattern, args); + + + Here is a more comprehensive example to render error messages using ResourceBundle and MessageFormat: + + // Example to render an error message from a localized ErrorMessages resource (properties file) + // Utility class to retrieve locale-specific error messages + public Class ErrorMessageResource { + + // Returns the error message for the specified error key in the environment locale + public String getErrorMessage(String errorKey) { + return getErrorMessage(errorKey, defaultLocale); + } + + // Returns the error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Locale locale) { + return getErrorMessage(errorKey, null, locale); + } + + // Returns a formatted error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Object[] args, Locale locale) { + // Get localized ErrorMessageResource + ResourceBundle errorMessageResource = ResourceBundle.getBundle("ErrorMessages", locale); + // Get localized error message + String errorMessage = errorMessageResource.getString(errorKey); + if (args != null) { + // Format the message using the specified placeholders args + return MessageFormat.format(errorMessage, args); + } else { + return errorMessage; + } + } + + // default environment locale + private Locale defaultLocale = Locale.getDefaultLocale(); + } + ... 
+ // Get the user's locale + Locale userLocale = request.getLocale(); + // Check if there were any validation errors + Errors errors = (Errors)request.getAttribute("errors"); + if (errors != null && errors.hasErrors()) { + // iterate through errors and output error messages corresponding to the "user_name" property + ArrayList userNameErrors = errors.getErrors("user_name"); + ListIterator iterator = userNameErrors.iterator(); + while (iterator.hasNext()) { + // Get the next error object + Error error = (Error)iterator.next(); + String errorMessage = ErrorMessageResource.getErrorMessage(error.getKey(), userLocale); + output.write(errorMessage + "\r\n"); + } + } + + + It is recommended to define a custom JSP tag, e.g. displayErrors, to iterate through and render error messages as shown in the above example. + + [4] Error Mapping + Normally, the Servlet Container will return a default error page corresponding to either the response status code or the exception. A mapping between the status code or the exception and a web resource may be specified using custom error pages. It is a good practice to develop static error pages that do not disclose internal error states (by default, most Servlet containers will report internal error messages). This mapping is configured in the Web Deployment Descriptor (web.xml) as specified in the following example: + + <!-- Mapping of HTTP error codes and application exceptions to error pages --> + <error-page> + <exception-type>UserValidationException</exception-type> + <location>/errors/validationError.html</error-page> + </error-page> + <error-page> + <error-code>500</exception-type> + <location>/errors/internalError.html</error-page> + </error-page> + <error-page> + ... + </error-page> + ... 
+ + + + RECOMMENDED JAVA TOOLS + The two main Java frameworks for server-side validation are: + [1] Jakarta Commons Validator (integrated with Struts 1.1) + The Jakarta Commons Validator is a Java framework that defines the error handling mechanism as described above. Validation rules are configured in an XML file that defines input validation rules for form fields and the corresponding validation error keys. Struts provides internationalization support to build localized applications using resource bundles and message formatting. + + Example to validate the userName field of a loginForm using Struts Validator: + <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... 
+ </formset> + </form-validation> + + + The Struts JSP tag library defines the "errors" tag that conditionally displays a set of accumulated error messages as shown in the following example: + + <%@ page language="java" %> + <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> + <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> + <html:html> + <head> + <body> + <html:form action="/logon.do"> + <table border="0" width="100%"> + <tr> + <th align="right"> + <html:errors property="username"/> + <bean:message key="prompt.username"/> + </th> + <td align="left"> + <html:text property="username" size="16"/> + </td> + </tr> + <tr> + <td align="right"> + <html:submit><bean:message key="button.submit"/></html:submit> + </td> + <td align="right"> + <html:reset><bean:message key="button.reset"/></html:reset> + </td> + </tr> + </table> + </html:form> + </body> + </html:html> + + + [2] JavaServer Faces Technology + JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events, validate input, and support internationalization. + + The JavaServer Faces API defines the "output_errors" UIOutput Renderer, which displays error messages for an entire page or error messages associated with a specified client identifier. + + Example to validate the userName field of a loginForm using JavaServer Faces: + <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... 
+ <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> + + + REFERENCES + Java API 1.3 - + + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + external + + Java API 1.4 - + + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + external + + Java Servlet API 2.3 - + + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + external + + Java Regular Expression Package - + + http://jakarta.apache.org/regexp/ + http://jakarta.apache.org/regexp/ + external + + Jakarta Validator - + + http://jakarta.apache.org/commons/validator/ + http://jakarta.apache.org/commons/validator/ + external + + JavaServer Faces Technology - + + http://www.javaserverfaces.org/ + http://www.javaserverfaces.org/ + external + + ** Filter User Input + + Before passing any data to a SQL query, it should always be properly filtered with whitelisting techniques. This cannot be over-emphasized. Filtering user input will correct many injection flaws before they arrive at the database. + + ** Quote User Input + + Regardless of data type, it is always a good idea to place single quotes around all user data if this is permitted by the database. MySQL allows this formatting technique. 
+ + ** Escape the Data Values + + If you're using MySQL 4.3.0 or newer, you should escape all strings with mysql_real_escape_string(). If you are using an older version of MySQL, you should use the mysql_escape_string() function. If you are not using MySQL, you might choose to use the specific escaping function for your particular database. If you are not aware of an escaping function, you might choose to utilize a more generic escaping function such as addslashes(). + + If you're using the PEAR DB database abstraction layer, you can use the DB::quote() method or use a query placeholder like ?, which automatically escapes the value that replaces the placeholder. + + REFERENCES + + http://ca3.php.net/mysql_real_escape_string + http://ca3.php.net/mysql_real_escape_string + external + + + http://ca.php.net/mysql_escape_string + http://ca.php.net/mysql_escape_string + external + + + http://ca.php.net/addslashes + http://ca.php.net/addslashes + external + + + http://pear.php.net/package-info.php?package=DB + http://pear.php.net/package-info.php?package=DB + external + + + + ** Input Data Validation: + + While data validations may be provided as a user convenience on the client-tier, data validation must always be performed on the server-tier. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript. + + A good design usually requires the web application framework to provide server-side utility routines to validate the following: + [1] Required field + [2] Field data type (all HTTP request parameters are Strings by default) + [3] Field length + [4] Field range + [5] Field options + [6] Field pattern + [7] Cookie values + [8] HTTP Response + + A good practice is to implement a function or functions that validates each application parameter. The following sections describe some example checking. 
+ + [1] Required field + Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. + + Example of how to validate required fields: + + // PHP example to validate required fields + function validateRequired($input) { + ... + $pass = false; + if (strlen(trim($input))>0){ + $pass = true; + } + return $pass; + ... + } + ... + if (validateRequired($fieldName)) { + // fieldName is valid, continue processing request + ... + } + + + + [2] Field data type + In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. + + [3] Field length + Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length. + + [4] Field range + Always ensure that the input parameter is within a range as defined by the functional requirements. + + [5] Field options + Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements. + + [6] Field pattern + Always check that user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression: + ^[a-zA-Z0-9]+$ + + [7] Cookie value + The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc. 
+ + [8] HTTP Response + + [8-1] Filter user input + To guard the application against cross-site scripting, the developer should sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters: + < > " ' % ; ) ( & + + + PHP includes some automatic sanitization utility functions, such as htmlentities(): + + $input = htmlentities($input, ENT_QUOTES, 'UTF-8'); + + + In addition, in order to avoid UTF-7 variants of Cross-site Scripting, you should explicitly define the Content-Type header of the response, for example: + + <?php + + header('Content-Type: text/html; charset=UTF-8'); + + ?> + + + [8-2] Secure the cookie + + When storing sensitive data in a cookie and transporting it over SSL, make sure that you first set the secure flag of the cookie in the HTTP response. This will instruct the browser to only use that cookie over SSL connections. + + You can use the following code example, for securing the cookie: + + <$php + + $value = "some_value"; + $time = time()+3600; + $path = "/application/"; + $domain = ".example.com"; + $secure = 1; + + setcookie("CookieName", $value, $time, $path, $domain, $secure, TRUE); + ?> + + + + In addition, we recommend that you use the HttpOnly flag. When the HttpOnly flag is set to TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers). + + The HttpOnly flag was Added in PHP 5.2.0. 
+
+ REFERENCES
+
+ [1] Mitigating Cross-site Scripting With HTTP-only Cookies:
+
+ http://msdn2.microsoft.com/en-us/library/ms533046.aspx
+ http://msdn2.microsoft.com/en-us/library/ms533046.aspx
+ external
+
+ [2] PHP Security Consortium:
+
+ http://phpsec.org/
+ http://phpsec.org/
+ external
+
+ [3] PHP & Web Application Security Blog (Chris Shiflett):
+
+ http://shiflett.org/
+ http://shiflett.org/
+ external
+
+
+
+
+ "Web Application Disassembly with ODBC Error Messages" (By David Litchfield)
+ http://www.cgisecurity.com/lib/webappdis.doc
+ external
+
+
+
+
+ attDirectoryFound
+ Hidden Directory Detected
+ 200
+
+ This issue may affect different types of products.
+
+
+ The web server or application server are configured in an insecure way
+
+
+ It is possible to retrieve information about the site's file system structure, which may help the attacker to map the web site
+ The web application has exposed the presence of a directory in the site. Although the directory does not list its content, the information may help an attacker to develop further attacks against the site. For example, by knowing the directory name, an attacker can guess its content type and possibly file names that reside in it, or sub directories under it, and try to access them.
+ The more sensitive the content is, the more severe this issue may be.
+
+
+ If the forbidden resource is not required, remove it from the site.
+ If possible, issue a "404 - Not Found" response status code instead of "403 - Forbidden". This change will obfuscate the presence of the directory in the site, and will prevent the site structure from being exposed.
+
+
+
+ attDirOptions
+ Insecure "OPTIONS" HTTP Method Enabled
+ 74
+
+ This issue may affect different types of products
+
+
+ The web server or application server are configured in an insecure way
+
+
+ It is possible to upload, modify or delete web pages, scripts and files on the web server
+ It seems that the web server is configured to allow one (or more) of the following HTTP methods (verbs):
+ - DELETE
+ - SEARCH
+ - COPY
+ - MOVE
+ - PROPFIND
+ - PROPPATCH
+ - MKCOL
+ - LOCK
+ - UNLOCK
+ - PUT
+
+ These methods may indicate that WebDAV is enabled on the server, and may allow unauthorized users to exploit it.
+
+
+ If you do not need WebDAV enabled on your server, make sure that you either disable it, or disallow HTTP methods (verbs) that are unneeded.
+
+
+
+ WASC Threat Classification: Content Spoofing
+ http://www.webappsec.org/projects/threat/classes/content_spoofing.shtml
+ external
+
+
+
+
+ attContentSecurityPolicy
+ Missing "Content-Security-Policy" header
+ 1032
+
+ This issue may affect different types of products
+
+
+ Insecure web application programming or configuration
+
+
+ It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
+ It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.
+ The absence or improper values of CSP can cause the web application being vulnerable to XSS, clickjacking, etc.
+ The "Content-Security-Policy" header is designed to modify the way browsers render pages, and thus to protect from various cross-site injections, including Cross-Site Scripting. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site. For example, if the header is set to prevent execution of inline JavaScript, the web site must not use inline JavaScript in its pages.
+ To protect against Cross-Site Scripting, Cross-Frame Scripting and clickjacking, it is important to set the following policies with proper values:
+ Both of 'default-src' and 'frame-ancestors' policies, *OR* all of 'script-src', 'object-src' and 'frame-ancestors’ policies.
+ For 'default-src', 'script-src' and 'object-src', insecure values such as '*', 'data:', 'unsafe-inline' or 'unsafe-eval' should be avoided.
+ For 'frame-ancestors', insecure values such as '*' or 'data:' should be avoided.
+ Additionally for 'script-src', and 'default-src' (fallback directive for 'script-src') 'self' is considered insecure and should be avoided.
+ Please refer the following links for more information.
+ Please note that “Content-Security-Policy” includes four different tests. A general test that verifies if the "Content-Security-Policy" header is being used and three additional tests that check if "Frame-Ancestors", "Object-Src" and "Script-Src" were configured correctly.
+
+
+ Configure your server to send the "Content-Security-Policy" header.
+ It is recommended to configure Content-Security-Policy header with secure values for its directives as below:
+ For 'default-src', and 'script-src' secure values such as 'none', or https://any.example.com.
+ For 'frame-ancestors', and 'object-src' secure values such as 'self', 'none' or https://any.example.com are expected.
+ "unsafe-inline" and "unsafe-eval" must not be used in any circumstance. Using nonce / hash would be only considered for short-term workaround.
+ For Apache, see:
+ http://httpd.apache.org/docs/2.2/mod/mod_headers.html
+ For IIS, see:
+ https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx
+ For nginx, see:
+ http://nginx.org/en/docs/http/ngx_http_headers_module.html
+
+
+
+ List of some secure Headers
+ https://owasp.org/www-project-secure-headers/
+ external
+
+
+ An Introduction to Content Security Policy
+ http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+ external
+
+
+ MDN web docs - Content-Security-Policy
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+ external
+
+
+
+
+ ContentTypeOptions
+ Missing or insecure "X-Content-Type-Options" header
+ 200
+
+ This issue may affect different types of products
+
+
+ Insecure web application programming or configuration
+
+
+ It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
+ It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.
+ The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a response.
+ This action may prevent untrusted content (e.g. user uploaded content) from being executed on the user browser (after a malicious naming, for example).
+
+
+ Configure your server to send the "X-Content-Type-Options" header with value "nosniff" on all outgoing requests.
+ + For Apache, see: + + http://httpd.apache.org/docs/2.2/mod/mod_headers.html + http://httpd.apache.org/docs/2.2/mod/mod_headers.html + external + + For IIS, see: + + https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx + https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx + external + + For nginx, see: + + http://nginx.org/en/docs/http/ngx_http_headers_module.html + http://nginx.org/en/docs/http/ngx_http_headers_module.html + external + + + + + List of useful HTTP headers + https://www.owasp.org/index.php/List_of_useful_HTTP_headers + external + + + Reducing MIME type security risks + https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx + external + + + + + attTempDirectoryFound + Temporary Directory Found + 200 + + This issue may affect different types of products. + + + The web server or application server are configured in an insecure way + + + It is possible to retrieve information about the site's file system structure, which may help the attacker to map the web site + The web application has exposed the presence of a directory in the site. Although the directory does not list its content, the information may help an attacker to develop further attacks against the site. For example, by knowing the directory name, an attacker can guess its content type and possibly file names that reside in it, or sub directories under it, and try to access them. + The more sensitive the content is, the more severe this issue may be. + + + If the forbidden resource is not required, remove it from the site. + If possible, issue a "404 - Not Found" response status code instead of "403 - Forbidden". This change will obfuscate the presence of the directory in the site, and will prevent the site structure from being exposed. 
+ + + + JavaStackTrace + Java Stack Trace + + There is a Java stack trace payload in the response + + + Sensitive data is exposed to all clients + + + Display a generic error message + + + + Quality.Comments + HTML Comments Sensitive Information Disclosure + 615 + + Many web application programmers use HTML comments to help debug the application when needed. While adding general comments is very useful, some programmers tend to leave important data in client-side comments, such as filenames related to the web application, links which were not meant to be browsed by users, old code fragments including passwords, etc. + Comments such as BUG, FIXME, and TODO may be an indication of missing security functionality and checking. Others indicate code problems that you should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues. Comments in HTML and JavaScript are usually easily viewable by end users. + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations. + An attacker who finds these comments can map the application's structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site. + + + Remove client-side comments that could reveal internal information for development time. Consider processing files before deployment to automatically remove all comments. This allows comments to be visible to internal developers but not to external users. + Do not leave any sensitive information, such as filenames, file paths, passwords, or SQL queries, in HTML or JavaScript comments. + Remove traces of previous (or future) site links in the production site comments. 
+ + + Java + .NET + + + + attReferrerPolicyHeaderExist + Missing "Referrer policy" Security Header + 200 + + This issue may affect different types of products + + + Insecure web application programming or configuration + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations + It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. + The absence or improper values of Referrer Policy can cause URL leak itself, and even sensitive information contained in the URL will be leaked to the cross-site. + This is a part of ruleset to check if Referrer Policy is present and if so to test its configuration. The "Referer Policy" header defines what data is made available in the Referer header, and for navigation and iframes in the destination's (document.referrer). This header is designed to modify the way browsers render pages, and thus to prevent cross-domain Referer leakage. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site. + Referer header is a request header that indicates the site which the traffic originated from. If there is no adequate prevention in place, the URL itself, and even sensitive information contained in the URL will be leaked to the cross-site. + + "no-referrer-when-downgrade" and "unsafe-url" are the policies which leaks the Full Url for the ThirdParty Sites. The remaining policies are"no-referrer", "origin", "origin-when-cross-origin","same-origin", "strict-origin", "strict-origin-when-cross-origin. + + Please refer the following links for more information. + + + Configure your server to send the "Referrer Policy" header. + It is recommended to configure Referrer Policy header with secure values for its directives as below: + "strict-origin-when-cross-origin" offers more privacy. 
With this policy, only the origin is sent in the Referer header of cross-origin requests. + + For Google Chrome, see: + + https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default + https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default + external + + For Firefox , see: + + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy. + external + + + + + MDN web docs - Referrer-Policy + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy + external + + + + +
\ No newline at end of file diff --git a/unittests/scans/hcl_appscan/no_findings.xml b/unittests/scans/hcl_appscan/no_findings.xml new file mode 100644 index 00000000000..f7a42674d5c --- /dev/null +++ b/unittests/scans/hcl_appscan/no_findings.xml 
@@ -0,0 +1,695 @@ + + + + added + added to request: + Additional Data: + Advisories + Affected Products: + Vulnerable URLs + Concurrent Logins: + Application Data + Application Server: + AppScan Severity + Harmless + This request/response contains binary content, which is not included in generated reports. + Body + Failed Requests + Cause + Causes + Causes: + Id + Name + The following weak cipher suites are supported by the server: + Code + Comment + Comments + Cookie + Cookies + CVE: + CWE: + Detailed Summary + A detailed listing of the scan results, including all issue types found, all recommended remediation tasks, all vulnerable URLs, etc. This section is intended to provide a more detailed understanding of the security status of the application, as well as assist in scoping and prioritizing the work required to remedy issues found. + Tracked or session ID cookies: + Tracked or session ID parameters: + Difference: + Document Map + This report consists of the following sections: + Domain + .Net + JavaScript execution: + Entity + Entity: + Example + Summary + This section provides a high level view of the information gathered during the scan, using graphs or comparative numbers. It is intended to provide a general understanding of the security status of the application. + Expires + Filtered URLs + First Set + Fix + Fix: + Fix Recommendations + General + General Information + Header + High + High severity issues: + Host: + Index + Informational + Informational severity issues: + Introduction + Introduction and Objectives + General information about the scan, including the project name, purpose of the scan, etc. 
+ Issue + Issues Sorted by Issue Type + Issues Sorted by URL + Issues detected across + Issue Type + Issue Types + Issue Types + J2EE + JavaScripts + Login Settings + Low + Low severity issues: + Malicious + manipulated from: + Medium + Medium severity issues: + Method + Name + New URLs + Report Produced on Tree node: + this is now the same as the one below - should be removed + Number of Issues + Objectives + AppScan performs real-time security assessments on web applications. These assessments aim to uncover any security issues in the application, explain the impact and risks associated with these issues, and provide guidance in planning and prioritizing remediation. The objective of this assignment was to perform controlled attack and penetration activities to assess the overall level of security of the application. + of + Operating system: + Original Request + Original Requests and Responses: + Original Response + Parameter + Parameters + Path + PHP + Query + Raw Test Response: + Reason + Reasoning: + Login sequence: + References: + Regulations + Remaining URLs + Remediation Task + removed + removed from request: + Removed URLs + Comprehensive Security Report + AppScan Web Application Security Report + Requested URL + Request + Response + Risk + Risk: + Rules: + Scan started: + Scan file name: + Sections + sections of the regulation: + Violated Section + GDPR Articles + Section Violation by Issue + Secure + Detailed Security Issues by Sections + Security Risks + Security Risks: + Login method: + In-session detection: + In-session pattern: + Severity + Severity: + Unique issues detected across + SSL Version + Table of Contents + Test Description: + Test Login + Test policy: + Test Request: + Test Requests and Responses: + Test Response (first) + Test Response + Test Response (last) + Test Response (next-to-last) + Technical Description: + Test Type: + Threat + WASC Threat Classification + Threat Classification: + TOC + to: + Total security issues included in the 
report: + Total security issues: + total security issues + Type + Unwanted + URL + URL: + Valid Login + Value + Variant + Visited URLs + Vulnerable URLs + Web server: + Issue Types that this task fixes + Simulation of the pop-up that appears when this page is opened in a browser + Location + Intent Action: + Intent Class: + Intent Data: + Intent Extra: + Intent Package: + Payload + Issues: + Method Signature: + Issue Validation Parameters: + Thread: + Timestamp: + Trace: + Issue Information + This issue was detected by AppScan's Mobile Analyzer. + Call Stack: + Header: + XML: + File Name: + File Permission: + Synopsis: + Dump: + Manifest: + Request: + Method Information + Signature: + File: + Name: + Permissions: + Class + Function + Line + Created by: + Summary of security issues + Issues + Go to Table of Contents + Issue Types: + Application Version: + Scan Name: + First Variant: + Variants Found: + OWASP: + X-Force: + (Only the first one is displayed) + No security issues discovered in the scan + Scan status: + Note that the scan on which this report is based was not completed. + Success + Refer to the site for more details. + Sink + Source + OWASP Top 10 + File Path: + Reference: + Free Plan + Please Note: + This summary report was created with the Application Security Analyzer Free Plan. Once you purchase the full service you will have access to a complete report with detailed descriptions of the issues found and how to remediate them. + Activities: + Coverage + Activities + This report includes important security information about your mobile application. 
+ Fix Recommendations: + Component + Glossary + Privacy: + Symbols Found: + Mobile Application Report + Class Signature: + Defining Class + Controllable Object Fields: + Receivers: + Services: + Receivers + Services + Method Signature: + Issue Information: + Settings For Target: + Provider: + Sample Report + Login Mode: + Views: + Views + None + Automatic + Manual + Calling Line + Calling Method + Class + Classification + Critical + Date Created + Discovery Method + Last Updated + Package + Scans: + Severity Value + Status + API + Element + Scheme + Sink: + Source: + Trace + Source File + Access Complexity + Access Vector + Authentication + Availability Impact + Confidentiality Impact + CVE + CVSS + Description + Exploitability + Integrity Impact + Summary + Activities that were tested for security vulnerabilities, as defined in the app's manifest. + Issue Types that ASoC has tested your application for. + Receivers that were tested for security vulnerabilities, as defined in the app's manifest. + Services that were tested for security vulnerabilities, as defined in the app's manifest. + Titles of Views encountered when crawling the app. + Leaked Information: + Password: + User Name: + Mitigation: + Alternate Fix Suggestions + This method is a part of the application code and appears in each of the grouped issue's traces. You should begin investigating a possible fix in the implementation of the method. + This method is a third-party API, with a common caller in each of the grouped issue's traces. You should begin investigating a possible fix at the caller: + Replace/Repair Vulnerable OpenSource: + Please refer to the details of this issue for fix recommendations. 
+ Business Impact: + Created: + Security Report for: + Regulation Report for: + Notes: + - Details + - Discussion + Contains: + {0} issues + (out of {0}) + - Audit Trail + Cause: + HCL Application Security on Cloud, Version + Directory: + Constant Value: + Found in: + Informational + Low + Medium + High + Critical + User Supplied Credit Card Number: + User Supplied Id: + User Supplied Input: + User Supplied Password: + User Supplied Phone Number: + User Supplied User Name: + - Fix Recommendation + Included for each issue separately. + Port: + Application Name: + Copyleft: + Copyright Risk: + Date: + Library Name: + License Name: + Open Source Report + Licenses + Linking: + Patent Risk: + Reference Type: + Reference URL: + Risk Level: + Libraries with high risk level: + Libraries with low risk level: + Libraries with medium risk level: + Libraries with unknown risk level: + Royalty Free: + Total Open Source Libraries: + AppScan on Cloud + Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification, subject to an exception for software that dynamically links to the original code. (example: LGPL). + Anyone who distributes a modification of the code may be required to make the source code for the modification publicly available at no charge. + Licensee may use the code without restriction. + Anyone who develops a product that is based on or contains part of the code, or who modifies the code, may be required to make publicly available the source code for that product or modification if s/he (a) distributes the software or (b) enables others to use the software via hosted or web services. (example: Affero) + Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification. (example: GPL). 
+ Anyone who distributes the code must provide certain notices, attributions and/or license terms in documentation with the software. + Anyone who distributes the code must retain any attributions included in the original distribution. + Specific identified patent risks + Royalty free and no identified patent risks + No patents granted + Royalty free unless litigated + Report created at: + Report for scan: + Open source library name + Risk level + Security Report + Open Source Libraries + Unknown + Reference + In this section you’ll find more details about the fields and their values. + Disabled + Enabled + None + Automatic + Prompt + Recorded login + Unknown + (Modified) + Any + Unknown + Sample Trace + License Type + Scan Security Report + This report lists all the open source libraries found in your scan, and their associated open source Risk Levels. + + Open Source Risk Levels are not the same as the Risk Levels in Security Reports, and not related to the vulnerabilities of specific issues. + You can see if any of the libraries have known vulnerabilities in Issue Management view. + Number Of Libraries + Report Date: + Scanned under Application: + Scan Start Date: + Total Open Source License Types: + Details + Threat Classification: + Fix Groups: + Implementation of {0} + Usage of {0} via {1} + Fix Group #{0}: {1} + This section groups {0} issues of type {1} with significant commonality in the their traces. + This section groups {0} issues with significant commonality in their traces. The following issue types are included: + This section groups {0} issues of type {1} with a common opensource file. + This section groups {0} issues with a common opensource file. The following issue types are included: + These issues are grouped together to try to help you find a common fix that resolves them all. + These method calls are also common to the traces of the issues in this group. 
They represent other possible These method calls are also common to the traces of the issues in this group. They represent other possible locations to investigate a fix. + All {0} issues in this report appear to be independent, lacking the commonality required in their traces to be grouped together. They all appear in this section. + This section lists the remaining {0} issues that could not be included in any other fix groups. + The following issue types are included: + Ungrouped + Fix Recommendation + Library Version: + API: + at line + Call + Caller: + Description: + Name: + Example Trace: + File + Lost Sink + Not a Validator + Sample Trace + Publish date: + Resolution: + Source and Sink + Tainted Arg + Taint Propagator + via + Virtual Lost Sink + Test Optimization: + Normal + Optimized + Issue ID: + Compliance Security Report + Undefined + Undefined + Title: + Report Date UTC: + Fix Group ID: + Method: + Query String: + URI: + Arguments: + Call Trace: + Object: + Return: + Stack: + Type: + By Fix Groups: + By Issue Types: + Fix-Groups + Library: + Location: + Status: + Common API Call: + Common Fix Point: + Common Open Source: + Common Fix Point: + OpenSource + API: + Location of fix: + Library name: + Location of fix: + Advisory: + Custom Advisory: + Hosts + Fast + Faster + Fastest + No Optimization + How to Fix: + Report Name: + Technology: + Scan Information + General Advisory: + Finding specific advisory: + Example: + Exploit Example: + (none) + Not applicable for this issue. + HTTP Only + JS Stack Trace + Same Site + False + True + (Mixed) + Articles + CWE + Exploit example + External references + Recommendations + Language: + How to Fix + See also issue-details 'Resolution' section below. + Mitigation + Important: + Note: The number of issues found exceeded the maximum that can be shown in a single set of results. +The scan results show {0} representitive issues. 
+ Personal Scan + Personal Scans are deleted after {0} days, unless promoted to the application within that time. + Additional Information: + Fixed + In Progress + New + Noise + Open + Passed + Reopened + Definitive + Scan Coverage Findings + Suspect + Cipher Suites: + ID + Fix recommendation + Default (Production) + Default (Staging) + Default + Body + Cookie + Global + Header + Header Name + Link + Other + Page + Parameter + Parameter Name + Query + Role + Source Line + Unspecified + Critical + High + Low + Medium + Unspecified + Report for application: + This report lists all the open source libraries found in your application, and their associated open source Risk Levels. + License Details + Library Name + Version + Undefined + Critical severity issues: + Full + No + Partial + Undefined + Dynamic + Non Viral + Undefined + Viral + Alpine + Arch Linux + Bower + Build Configuration File + Details available in CDNJS + Debian + .NET + Eclipse OSGI Bundle + Details available in GitHub repository + License information in host site + License File + Node package manager + NuGet Package + Other + POM file + Project Home Page + Python Package Index + Readme File + RPM + RubyGems + License assigned manually by a user in the organization + Undefined + High + Low + Medium + Undefined + Unknown + Conditional + No + Yes + Undefined severity issues: + Last Found + CVSS Version + Total Items: + + + Report_DAST_2023-10-19 + HCL + Application Security on Cloud + ABC + Medium + Thursday, October 19, 2023 + FullReport + 7 + False + 30 + 20000 + False + Fast + ASoC + DAST + + + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + + + Cookie with Insecure or Improper or Missing SameSite attribute + + + Insecure "OPTIONS" HTTP Method Enabled + + + Missing "Content-Security-Policy" header + + + Missing Encryption + + + Missing or insecure "X-Content-Type-Options" header + + + Missing "Referrer policy" Security Header + + + + + 1 + + JSESSIONID + B5177BE267E2BB455ACF3CD4E35EDE27 + 
http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + ec2-13-235-80-114.ap-south-1.compute.amazonaws.com + + dictionaryFalse + dictionaryTrue + + + + + + 0 + + + 1 + + <!DOCTYPE html> + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + + + + 1 + + user + + ApplicationData.HttpParamType.Text + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + + + + 0 + + + 2 + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + + + + 5 + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + + + + 0 + + + 0 + + \ No newline at end of file diff --git a/unittests/scans/mobsf/mobsf_3_7_9.json b/unittests/scans/mobsf/mobsf_3_7_9.json new file mode 100644 index 00000000000..7d7b922a450 --- /dev/null +++ b/unittests/scans/mobsf/mobsf_3_7_9.json 
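Review bot: The fixture's application-data section at the end of this hunk carries what look like live scan artifacts — a JSESSIONID cookie value and the host `ec2-13-235-80-114.ap-south-1.compute.amazonaws.com` with its servlet URLs — rather than sanitized placeholders. Even if the token is long expired, committed scanner output is an easy place for a real session identifier or an internal hostname to slip into a public repository, so the cookie value should be replaced with an obviously fake one and the host with a reserved name such as `example.com`. If the hcl_appscan parser tests assert on these fields, the replacement values just need to be applied consistently in the matching unit test.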
@@ -0,0 +1,285 @@ +{ + "version":"v3.7.9 Beta", + "title":"Static Analysis", + "file_name":"bitbar-ios-sample.ipa", + "app_name":"BitbarIOSSample", + "app_type":"Objective C", + "size":"0.14MB", + "md5":"e1f08f17e868e9de32a87d0bdc522fac", + "sha1":"deca43e3dd1186d002dea64b4cef4c8b88142488", + "sha256":"07ff7a6608265fff57bd3369fb4e10321d939de5101bd966677cd9a210b820b1", + "build":"1.0", + "app_version":"1.0", + "sdk_name":"iphoneos9.1", + "platform":"9.1", + "min_os_version":"6.0", + "bundle_id":"com.bitbar.testdroid.BitbarIOSSample", + "bundle_url_types":[ + + ], + "bundle_supported_platforms":[ + "iPhoneOS" + ], + "icon_path":"", + "info_plist":"\n\n\n\n\tBuildMachineOSBuild\n\t15B42\n\tCFBundleDevelopmentRegion\n\ten\n\tCFBundleDisplayName\n\tBitbarIOSSample\n\tCFBundleExecutable\n\tBitbarIOSSample\n\tCFBundleIconFiles\n\t\n\t\ticon.png\n\t\n\tCFBundleIcons\n\t\n\t\tCFBundlePrimaryIcon\n\t\t\n\t\t\tCFBundleIconFiles\n\t\t\t\n\t\t\t\ticon.png\n\t\t\t\n\t\t\n\t\n\tCFBundleIdentifier\n\tcom.bitbar.testdroid.BitbarIOSSample\n\tCFBundleInfoDictionaryVersion\n\t6.0\n\tCFBundleName\n\tBitbarIOSSample\n\tCFBundlePackageType\n\tAPPL\n\tCFBundleShortVersionString\n\t1.0\n\tCFBundleSignature\n\t????\n\tCFBundleSupportedPlatforms\n\t\n\t\tiPhoneOS\n\t\n\tCFBundleVersion\n\t1.0\n\tDTCompiler\n\tcom.apple.compilers.llvm.clang.1_0\n\tDTPlatformBuild\n\t13B137\n\tDTPlatformName\n\tiphoneos\n\tDTPlatformVersion\n\t9.1\n\tDTSDKBuild\n\t13B137\n\tDTSDKName\n\tiphoneos9.1\n\tDTXcode\n\t0711\n\tDTXcodeBuild\n\t7B1005\n\tLSRequiresIPhoneOS\n\t\n\tMinimumOSVersion\n\t6.0\n\tUIDeviceFamily\n\t\n\t\t1\n\t\t2\n\t\n\tUIRequiredDeviceCapabilities\n\t\n\t\tarmv7\n\t\n\tUISupportedInterfaceOrientations\n\t\n\t\tUIInterfaceOrientationPortrait\n\t\n\tUISupportedInterfaceOrientations~ipad\n\t\n\t\tUIInterfaceOrientationPortrait\n\t\n\n\n", + "binary_info":{ + "endian":"<", + "bit":"32-bit", + "arch":"ARM", + "subarch":"CPU_SUBTYPE_ARM_V7" + }, + "permissions":{ + + }, + "ats_analysis":{ + 
"ats_findings":[ + + ], + "ats_summary":{ + + } + }, + "binary_analysis":{ + "findings":{ + "Binary makes use of insecure API(s)":{ + "detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + "severity":"high", + "cvss":6, + "cwe":"CWE-676: Use of Potentially Dangerous Function", + "owasp-mobile":"M7: Client Code Quality", + "masvs":"MSTG-CODE-8" + }, + "Binary makes use of malloc function":{ + "detailed_desc":"The binary may use _malloc\n function instead of calloc", + "severity":"high", + "cvss":2, + "cwe":"CWE-789: Uncontrolled Memory Allocation", + "owasp-mobile":"M7: Client Code Quality", + "masvs":"MSTG-CODE-8" + } + }, + "summary":{ + "high":2, + "warning":0, + "info":0, + "secure":0, + "suppressed":0 + } + }, + "macho_analysis":{ + "name":"BitbarIOSSample", + "nx":{ + "has_nx":true, + "severity":"info", + "description":"The binary has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable." + }, + "pie":{ + "has_pie":true, + "severity":"info", + "description":"The binary is build with -fPIC flag which enables Position independent code. This makes Return Oriented Programming (ROP) attacks much more difficult to execute reliably." + }, + "stack_canary":{ + "has_canary":true, + "severity":"info", + "description":"This binary has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return." + }, + "arc":{ + "has_arc":false, + "severity":"warning", + "description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not." + }, + "rpath":{ + "has_rpath":false, + "severity":"info", + "description":"The binary does not have Runpath Search Path (@rpath) set." + }, + "code_signature":{ + "has_code_signature":true, + "severity":"info", + "description":"This binary has a code signature." 
+ }, + "encrypted":{ + "is_encrypted":false, + "severity":"warning", + "description":"This binary is not encrypted." + }, + "symbol":{ + "is_stripped":true, + "severity":"info", + "description":"Debug Symbols are stripped" + } + }, + "dylib_analysis":[ + + ], + "framework_analysis":[ + + ], + "ios_api":{ + + }, + "code_analysis":{ + "findings":{ + + }, + "summary":{ + + } + }, + "file_analysis":[ + { + "issue":"Plist Files", + "files":[ + { + "file_path":"BitbarIOSSample.app/Info.plist", + "type":"ipa", + "hash":"e1f08f17e868e9de32a87d0bdc522fac" + } + ] + } + ], + "libraries":[ + "/System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version: 1.2.0, current version: 1.11.0)", + "/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version: 1.0.0, current version: 3512.29.5)", + "/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version: 300.0.0, current version: 1241.14.0)", + "/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version: 64.0.0, current version: 600.0.0)", + "/usr/lib/libobjc.A.dylib (compatibility version: 1.0.0, current version: 228.0.0)", + "/usr/lib/libSystem.B.dylib (compatibility version: 1.0.0, current version: 1226.10.1)", + "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version: 150.0.0, current version: 1241.11.0)" + ], + "files":[ + "BitbarIOSSample.app/embedded.mobileprovision", + "BitbarIOSSample.app/Default@2x.png", + "BitbarIOSSample.app/RadioButton-Selected.png", + "BitbarIOSSample.app/_CodeSignature/CodeResources", + "BitbarIOSSample.app/en.lproj/InfoPlist.strings" + ], + "urls":[ + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd" + ], + "path":"BitbarIOSSample.app/archived-expanded-entitlements.xcent" + }, + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd", + "http://www.apple.com/appleca/root.crl0", + "https://www.apple.com/appleca/0", + "http://www.apple.com/appleca/0m", + 
"http://developer.apple.com/certificationauthority/wwdrca.crl0" + ], + "path":"BitbarIOSSample.app/BitbarIOSSample" + }, + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd", + "https://www.apple.com/appleca/0", + "http://developer.apple.com/certificationauthority/wwdrca.crl0", + "http://www.apple.com/appleca/0m", + "http://www.apple.com/appleca/root.crl0" + ], + "path":"IPA Strings Dump" + } + ], + "domains":{ + "www.apple.com":{ + "bad":"no", + "geolocation":{ + "ip":"92.122.160.209", + "country_short":"GB", + "country_long":"United Kingdom of Great Britain and Northern Ireland", + "region":"England", + "city":"Slough", + "latitude":"51.509491", + "longitude":"-0.595410" + }, + "ofac":false + }, + "developer.apple.com":{ + "bad":"no", + "geolocation":{ + "ip":"17.253.37.202", + "country_short":"GB", + "country_long":"United Kingdom of Great Britain and Northern Ireland", + "region":"England", + "city":"London", + "latitude":"51.508530", + "longitude":"-0.125740" + }, + "ofac":false + } + }, + "emails":[ + + ], + "strings":[ + "@_protocol_getMethodDescription", + "+FxD", + "otherButtonSelected:", + "NSString", + "%http://www.apple.com/appleca/root.crl0", + "!i*i", + "^s./%u", + "@_kCFCoreFoundationVersionNumber" + ], + "firebase_urls":[ + + ], + "appstore_details":{ + "error":true + }, + "secrets":[ + + ], + "trackers":{ + "detected_trackers":0, + "total_trackers":428, + "trackers":[ + + ] + }, + "virus_total":null, + "appsec":{ + "high":[ + { + "title":"Binary makes use of insecure API(s)", + "description":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + "section":"binary" + }, + { + "title":"Binary makes use of malloc function", + "description":"The binary may use _malloc\n function instead of calloc", + "section":"binary" + } + ], + "warning":[ + { + "title":"Application binary is not compiled with ARC flag", + "description":"This binary has debug symbols stripped. 
We cannot identify whether ARC is enabled or not.", + "section":"macho" + } + ], + "info":[ + + ], + "secure":[ + { + "title":"This application has no privacy trackers", + "description":"This application does not include any user or device trackers. Unable to find trackers during static analysis.", + "section":"trackers" + } + ], + "hotspot":[ + + ], + "total_trackers":428, + "trackers":0, + "security_score":42, + "app_name":"BitbarIOSSample", + "file_name":"bitbar-ios-sample.ipa", + "hash":"e1f08f17e868e9de32a87d0bdc522fac", + "version_name":"1.0" + }, + "average_cvss":null + } \ No newline at end of file diff --git a/unittests/scans/openvas_xml/many_vuln.xml b/unittests/scans/openvas_xml/many_vuln.xml new file mode 100644 index 00000000000..855d3008cbe --- /dev/null +++ b/unittests/scans/openvas_xml/many_vuln.xml 
@@ -0,0 +1,512 @@ +gpsmetasploitable2-scan2023-09-29T11:36:37.717132Z00metasploitable2-scanXML9.0descendingseverityapply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1nistNVD Vulnerability Severity RatingsNone0.00.0Low0.13.9Medium4.06.9High7.010.0Done1044000metasploitable2-scan0Target100.00Network Source Interfacesource_iface2023-09-26T10:50:34Z2023-09-26T10:50:34ZCoordinated Universal TimeUTC44512/tcp{v1}e2eec5b536a10.0High1524/tcp{v1}e2eec5b536a10.0High8787/tcp{v1}e2eec5b536a10.0Highgeneral/tcp{v1}e2eec5b536a10.0High80/tcp{v1}e2eec5b536a10.0High3632/tcp{v1}e2eec5b536a9.3High5900/tcp{v1}e2eec5b536a9.0High5432/tcp{v1}e2eec5b536a9.0High6667/tcp{v1}e2eec5b536a8.1High6697/tcp{v1}e2eec5b536a8.1High21/tcp{v1}e2eec5b536a7.5High80/tcp{v1}e2eec5b536a7.5High21/tcp{v1}e2eec5b536a7.5High2121/tcp{v1}e2eec5b536a7.5High80/tcp{v1}e2eec5b536a7.5High80/tcp{v1}e2eec5b536a7.5High22/tcp{v1}e2eec5b536a7.5High6200/tcp{v1}e2eec5b536a7.5High5432/tcp{v1}e2eec5b536a7.4High80/tcp{v1}e2eec5b536a6.8Medium21/tcp{v1}e2eec5b536a6.4Medium80/tcp{v1}e2eec5b536a6.1Medium80/tcp{v1}e2eec5b536a6.1Medium80/tcp{v1}e2eec5b536a6.0Medium445/tcp{v1}e2eec5b536a6.0Medium5432/tcp{v1}e2eec5b536a5.9Medium80/tcp{v1}e2eec5b536a5.8Medium22/tcp{v1}e2eec5b536a5.3Medium22/tcp{v1}e2eec5b536a5.3Medium5432/tcp{v1}e2eec5b536a5.0Medium80/tcp{v1}e2eec5b536a5.0Medium5432/tcp{v1}e2eec5b536a5.0Medium80/tcp{v1}e2eec5b536a5.0Medium80/tcp{v1}e2eec5b536a4.8Medium5900/tcp{v1}e2eec5b536a4.8Medium21/tcp{v1}e2eec5b536a4.8Medium2121/tcp{v1}e2eec5b536a4.8Medium5432/tcp{v1}e2eec5b536a4.3Medium80/tcp{v1}e2eec5b536a4.3Medium80/tcp{v1}e2eec5b536a4.3Medium22/tcp{v1}e2eec5b536a4.3Medium80/tcp{v1}e2eec5b536a4.3Medium5432/tcp{v1}e2eec5b536a4.05432/tcp{v1}e2eec5b536a4.0{v1}467e39e554agps2023-09-29T11:36:37.717168Z{v1}e2eec5b536a{v1}b6b9f466d63512/tcpnvtThe rexec service is runningUseless services10.0summary=This remote host is running a rexec service.|insight=rexec (remote execution client for an exec 
server) has the same + kind of functionality that rsh has: you can execute shell commands on a remote computer. + + The main difference is that rexec authenticate by reading the username and password *unencrypted* + from the socket.|qodType=remote_banner|solution=Disable the rexec service and use alternatives like SSH +instead.|solution_type=Mitigation|impact=|affected=High10.080remote_bannerThe rexec service was detected on the target system. +High5{v1}530765cf437gps2023-09-29T11:36:37.717208Z{v1}e2eec5b536a{v1}b6b9f466d631524/tcpnvtPossible Backdoor: IngreslockGain a shell remotely10.0summary=A backdoor is installed on the remote host.|insight=|qodType=remote_vul|solution=A whole cleanup of the infected system is recommended.|solution_type=Workaround|impact=Attackers can exploit this issue to execute arbitrary commands in the + context of the application. Successful attacks will compromise the affected isystem.|affected=High10.099remote_vulThe service is answering to an 'id;' command with the following response: uid=0(root) gid=0(root) +High5{v1}5f5c7518c92gps2023-09-29T11:36:37.717216Z{v1}e2eec5b536a{v1}b6b9f466d638787/tcpnvtDistributed Ruby (dRuby/DRb) Multiple Remote Code Execution VulnerabilitiesGain a shell remotely10.0summary=Systems using Distributed Ruby (dRuby/DRb), which is available in Ruby versions 1.6 +and later, may permit unauthorized systems to execute distributed commands.|insight=|qodType=remote_vul|solution=Administrators of environments that rely on Distributed Ruby should ensure that +appropriate controls are in place. 
Code-level controls may include: + +- Implementing taint on untrusted input + +- Setting $SAFE levels appropriately (>2 is recommended if untrusted hosts are allowed to submit Ruby commands, and >3 may be appropriate) + +- Including drb/acl.rb to set ACLEntry to restrict access to trusted hosts|solution_type=Mitigation|impact=By default, Distributed Ruby does not impose restrictions on allowed hosts or set the + $SAFE environment variable to prevent privileged activities. If other controls are not in place, especially if the + Distributed Ruby process runs with elevated privileges, an attacker could execute arbitrary system commands or Ruby + scripts on the Distributed Ruby server. An attacker may need to know only the URI of the listening Distributed Ruby + server to submit Ruby commands.|affected=High10.099remote_vulThe service is running in $SAFE >= 1 mode. However it is still possible to run arbitrary syscall commands on the remote host. Sending an invalid syscall the service returned the following response: + +Flo:Errno::ENOSYS:bt["3/usr/lib/ruby/1.8/drb/drb.rb:1555:in `syscall'"0/usr/lib/ruby/1.8/drb/drb.rb:1555:in `send'"4/usr/lib/ruby/1.8/drb/drb.rb:1555:in `__send__'"A/usr/lib/ruby/1.8/drb/drb.rb:1555:in `perform_without_block'"3/usr/lib/ruby/1.8/drb/drb.rb:1515:in `perform'"5/usr/lib/ruby/1.8/drb/drb.rb:1589:in `main_loop'"0/usr/lib/ruby/1.8/drb/drb.rb:1585:in `loop'"5/usr/lib/ruby/1.8/drb/drb.rb:1585:in `main_loop'"1/usr/lib/ruby/1.8/drb/drb.rb:1581:in `start'"5/usr/lib/ruby/1.8/drb/drb.rb:1581:in `main_loop'"//usr/lib/ruby/1.8/drb/drb.rb:1430:in `run'"1/usr/lib/ruby/1.8/drb/drb.rb:1427:in `start'"//usr/lib/ruby/1.8/drb/drb.rb:1427:in `run'"6/usr/lib/ruby/1.8/drb/drb.rb:1347:in `initialize'"//usr/lib/ruby/1.8/drb/drb.rb:1627:in `new'"9/usr/lib/ruby/1.8/drb/drb.rb:1627:in `start_service'"%/usr/sbin/druby_timeserver.rb:12:errnoi+:mesg"Function not implemented 
+High5{v1}8c49cb44d75gps2023-09-29T11:36:37.717246Z{v1}e2eec5b536a{v1}b6b9f466d63general/tcpnvtOperating System (OS) End of Life (EOL) DetectionGeneral10.0summary=The Operating System (OS) on the remote host has reached the End +of Life (EOL) and should not be used anymore.|insight=|qodType=remote_banner|solution=Upgrade the OS on the remote host to a version which is still +supported and receiving security updates by the vendor.|solution_type=Mitigation|impact=An EOL version of an OS is not receiving any security updates + from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise + the security of this host.|affected=High10.080remote_bannerThe "Ubuntu" Operating System on the remote host has reached the end of life. + +CPE: cpe:/o:canonical:ubuntu_linux:8.04 +Installed version, +build or SP: 8.04 +EOL date: 2013-05-09 +EOL info: https://wiki.ubuntu.com/Releases +High5{v1}22a938294adgps2023-09-29T11:36:37.717262Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki XSS and Command Execution VulnerabilitiesWeb application abuses10.0summary=TWiki is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities.|insight=The flaws are due to: + + - %URLPARAM{}% variable is not properly sanitized which lets attackers + conduct cross-site scripting attack. + + - %SEARCH{}% variable is not properly sanitised before being used in an + eval() call which lets the attackers execute perl code through eval + injection attack.|qodType=remote_banner|solution=Upgrade to version 4.2.4 or later.|solution_type=VendorFix|impact=Successful exploitation could allow execution of arbitrary script code or + commands. 
This could let attackers steal cookie-based authentication credentials or compromise the affected + application.|affected=TWiki, TWiki version prior to 4.2.4.High10.080remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 4.2.4 + +High5{v1}9e2edd735b3gps2023-09-29T11:36:37.717281Z{v1}e2eec5b536a{v1}b6b9f466d633632/tcpnvtDistCC RCE Vulnerability (CVE-2004-2687)Gain a shell remotely9.3summary=DistCC is prone to a remote code execution (RCE) +vulnerability.|insight=DistCC 2.x, as used in XCode 1.5 and others, when not configured + to restrict access to the server port, allows remote attackers to execute arbitrary commands via + compilation jobs, which are executed by the server without authorization checks.|qodType=remote_vul|solution=Vendor updates are available. Please see the references for +more information. + +For more information about DistCC's security see the references.|solution_type=VendorFix|impact=DistCC by default trusts its clients completely that in turn + could allow a malicious client to execute arbitrary commands on the server.|affected=High9.399remote_vulIt was possible to execute the "id" command. + +Result: uid=1(daemon) gid=1(daemon) +High5{v1}0b02451a968gps2023-09-29T11:36:37.717494Z{v1}e2eec5b536a{v1}b6b9f466d635900/tcpnvtVNC Brute Force LoginBrute force attacks9.0summary=Try to log in with given passwords via VNC protocol.|insight=This script tries to authenticate to a VNC server with the + passwords set in the password preference. It will also test and report if no authentication / + password is required at all. + + Note: Some VNC servers have a blacklisting scheme that blocks IP addresses after five unsuccessful + connection attempts for a period of time. The script will abort the brute force attack if it + encounters that it gets blocked. + + Note as well that passwords can be max. 
8 characters long.|qodType=remote_active|solution=Change the password to something hard to guess or enable +password protection at all.|solution_type=Mitigation|impact=|affected=High9.095remote_activeIt was possible to connect to the VNC server with the password: password +High5{v1}e93a2434477gps2023-09-29T11:36:37.717503Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtPostgreSQL Default Credentials (PostgreSQL Protocol)Default Accounts9.0summary=It was possible to login into the remote PostgreSQL as user +postgres using weak credentials.|insight=|qodType=remote_vul|solution=Change the password as soon as possible.|solution_type=Mitigation|impact=|affected=High9.099remote_vulIt was possible to login as user postgres with password "postgres". + + +High5{v1}3723bfe0094gps2023-09-29T11:36:37.717511Z{v1}e2eec5b536a{v1}b6b9f466d636667/tcpnvtUnrealIRCd Authentication Spoofing VulnerabilityGeneral8.1summary=UnrealIRCd is prone to authentication spoofing vulnerability.|insight=The flaw exists due to an error in + the 'm_authenticate' function in 'modules/m_sasl.c' script.|qodType=remote_banner|solution=Upgrade to UnrealIRCd 3.2.10.7, +or 4.0.6, or later.|solution_type=VendorFix|impact=Successful exploitation of this vulnerability + will allows remote attackers to spoof certificate fingerprints and consequently + log in as another user.|affected=UnrealIRCd before 3.2.10.7 and + 4.x before 4.0.6.High8.180remote_bannerInstalled version: 127.0.0.1 +Fixed version: 127.0.0.1 + +High5{v1}3723bfe0094gps2023-09-29T11:36:37.717520Z{v1}e2eec5b536a{v1}b6b9f466d636697/tcpnvtUnrealIRCd Authentication Spoofing VulnerabilityGeneral8.1summary=UnrealIRCd is prone to authentication spoofing vulnerability.|insight=The flaw exists due to an error in + the 'm_authenticate' function in 'modules/m_sasl.c' script.|qodType=remote_banner|solution=Upgrade to UnrealIRCd 3.2.10.7, +or 4.0.6, or later.|solution_type=VendorFix|impact=Successful exploitation of this vulnerability + will allows remote attackers 
to spoof certificate fingerprints and consequently + log in as another user.|affected=UnrealIRCd before 3.2.10.7 and + 4.x before 4.0.6.High8.180remote_bannerInstalled version: 127.0.0.1 +Fixed version: 127.0.0.1 + +High5{v1}a358693375bgps2023-09-29T11:36:37.717529Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtFTP Brute Force Logins ReportingBrute force attacks7.5summary=It was possible to login into the remote FTP server using +weak/known credentials.|insight=The following devices are / software is known to be affected: + + - CVE-2001-1594: Codonics printer FTP service as used in GE Healthcare eNTEGRA P&R + + - CVE-2013-7404: GE Healthcare Discovery NM 750b + + - CVE-2018-19063, CVE-2018-19064: Foscam C2 and Opticam i5 devices + + Note: As the VT 'FTP Brute Force Logins' (OID: 1.3.6.1.4.1.25623.1.0.108717) might run into a + timeout the actual reporting of this vulnerability takes place in this VT instead.|qodType=remote_active|solution=Change the password as soon as possible.|solution_type=Mitigation|impact=This issue may be exploited by a remote attacker to e.g. gain + access to sensitive information or modify system configuration.|affected=High7.595remote_activeIt was possible to login with the following credentials <User>:<Password> + +msfadmin:msfadmin +postgres:postgres +service:service +user:user +High5{v1}4ecebea5997gps2023-09-29T11:36:37.717538Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTest HTTP dangerous methodsWeb Servers7.5summary=Misconfigured web servers allows remote clients to perform +dangerous HTTP methods such as PUT and DELETE.|insight=|qodType=remote_vul|solution=Use access restrictions to these dangerous HTTP methods +or disable them completely.|solution_type=Mitigation|impact=- Enabled PUT method: This might allow an attacker to upload + and run arbitrary code on this web server. 
+ + - Enabled DELETE method: This might allow an attacker to delete additional files on this web + server.|affected=Web servers with enabled PUT and/or DELETE methods.High7.599remote_vulWe could upload the following files via the PUT method at this web server: + +http://127.0.0.1/dav/puttest1462543653.html + +We could delete the following files via the DELETE method at this web server: + +http://127.0.0.1/dav/puttest1462543653.html + + +High5{v1}dcc8491b116gps2023-09-29T11:36:37.717558Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtvsftpd Compromised Source Packages Backdoor VulnerabilityGain a shell remotely7.5summary=vsftpd is prone to a backdoor vulnerability.|insight=|qodType=remote_vul|solution=The repaired package can be downloaded from +the referenced link. Please validate the package with its signature.|solution_type=VendorFix|impact=Attackers can exploit this issue to execute arbitrary commands in the + context of the application. Successful attacks will compromise the affected application.|affected=The vsftpd 2.3.4 source package is affected.High7.599remote_vulHigh5{v1}a358693375bgps2023-09-29T11:36:37.717575Z{v1}e2eec5b536a{v1}b6b9f466d632121/tcpnvtFTP Brute Force Logins ReportingBrute force attacks7.5summary=It was possible to login into the remote FTP server using +weak/known credentials.|insight=The following devices are / software is known to be affected: + + - CVE-2001-1594: Codonics printer FTP service as used in GE Healthcare eNTEGRA P&R + + - CVE-2013-7404: GE Healthcare Discovery NM 750b + + - CVE-2018-19063, CVE-2018-19064: Foscam C2 and Opticam i5 devices + + Note: As the VT 'FTP Brute Force Logins' (OID: 1.3.6.1.4.1.25623.1.0.108717) might run into a + timeout the actual reporting of this vulnerability takes place in this VT instead.|qodType=remote_active|solution=Change the password as soon as possible.|solution_type=Mitigation|impact=This issue may be exploited by a remote attacker to e.g. 
gain + access to sensitive information or modify system configuration.|affected=High7.595remote_activeIt was possible to login with the following credentials <User>:<Password> + +user:user +High5{v1}edca4d29119gps2023-09-29T11:36:37.717584Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtphpinfo() output ReportingWeb application abuses7.5summary=Many PHP installation tutorials instruct the user to create +a file called phpinfo.php or similar containing the phpinfo() statement. Such a file is often +left back in the webserver directory.|insight=|qodType=remote_banner|solution=Delete the listed files or restrict access to them.|solution_type=Workaround|impact=Some of the information that can be gathered from this file includes: + + The username of the user running the PHP process, if it is a sudo user, the IP address of the host, the web server + version, the system version (Unix, Linux, Windows, ...), and the root directory of the web server.|affected=High7.580remote_bannerThe following files are calling the function phpinfo() which disclose potentially sensitive information: + +http://127.0.0.1/mutillidae/phpinfo.php +http://127.0.0.1/phpinfo.php +High5{v1}28996b2da9agps2023-09-29T11:36:37.717594Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtPHP-CGI-based setups vulnerability when parsing query string parameters from php files.Web application abuses7.5summary=PHP is prone to an information-disclosure vulnerability.|insight=When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the + php-cgi receives a processed query string parameter as command line arguments which allows command-line + switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose + source code and obtain arbitrary code execution. 
+ + An example of the -s command, allowing an attacker to view the source code of index.php is below: + + http://example.com/index.php?-s|qodType=remote_active|solution=PHP has released version 5.4.3 and 5.3.13 to address this vulnerability. +PHP is recommending that users upgrade to the latest version of PHP.|solution_type=VendorFix|impact=Exploiting this issue allows remote attackers to view the source code of files in the + context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code + on the affected computer. Other attacks are also possible.|affected=High7.595remote_activeBy doing the following HTTP POST request: + +"HTTP POST" body : <?php phpinfo();?> +URL : http://127.0.0.1/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E + +it was possible to execute the "<?php phpinfo();?>" command. 
+ +Result: <title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head> +High5{v1}f209b933bd1gps2023-09-29T11:36:37.717604Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtRiello NetMan 204 Default Credentials (SSH)Default Accounts7.5summary=The remote Riello NetMan 204 network card is using known default +credentials for the SSH login.|insight=|qodType=exploit|solution=Change the password of the affected account(s).|solution_type=Workaround|impact=This issue may be exploited by a remote attacker to gain access + to sensitive information or modify system configuration.|affected=High7.5100exploitIt was possible to login as user 'user' with password 'user' and to execute 'cat /etc/passwd'. Result: + +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +dhcp:x:101:102::/nonexistent:/bin/false +syslog:x:102:103::/home/syslog:/bin/false +klog:x:103:104::/home/klog:/bin/false +sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin +msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash +bind:x:105:113::/var/cache/bind:/bin/false +postfix:x:106:115::/var/spool/postfix:/bin/false +ftp:x:107:65534::/home/ftp:/bin/false +postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash +mysql:x:109:118:MySQL 
Server,,,:/var/lib/mysql:/bin/false +tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false +distccd:x:111:65534::/:/bin/false +user:x:1001:1001:just a user,111,,:/home/user:/bin/bash +service:x:1002:1002:,,,:/home/service:/bin/bash +telnetd:x:112:120::/nonexistent:/bin/false +proftpd:x:113:65534::/var/run/proftpd:/bin/false +statd:x:114:65534::/var/lib/nfs:/bin/false +High5{v1}dcc8491b116gps2023-09-29T11:36:37.717613Z{v1}e2eec5b536a{v1}b6b9f466d636200/tcpnvtvsftpd Compromised Source Packages Backdoor VulnerabilityGain a shell remotely7.5summary=vsftpd is prone to a backdoor vulnerability.|insight=|qodType=remote_vul|solution=The repaired package can be downloaded from +the referenced link. Please validate the package with its signature.|solution_type=VendorFix|impact=Attackers can exploit this issue to execute arbitrary commands in the + context of the application. Successful attacks will compromise the affected application.|affected=The vsftpd 2.3.4 source package is affected.High7.599remote_vulHigh5{v1}d803f61f444gps2023-09-29T11:36:37.717621Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: OpenSSL CCS Man in the Middle Security Bypass VulnerabilitySSL and TLS7.4summary=OpenSSL is prone to security-bypass vulnerability.|insight=OpenSSL does not properly restrict processing of ChangeCipherSpec + messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in + certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive + information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.|qodType=remote_analysis|solution=Updates are available. Please see the references for more information.|solution_type=VendorFix|impact=Successfully exploiting this issue may allow attackers to obtain + sensitive information by conducting a man-in-the-middle attack. 
This may lead to other attacks.|affected=OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h.High7.470remote_analysisHigh5{v1}e70046de17fgps2023-09-29T11:36:37.717637Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki Cross-Site Request Forgery Vulnerability - Sep10Web application abuses6.8summary=TWiki is prone to a cross-site request forgery (CSRF) vulnerability.|insight=Attack can be done by tricking an authenticated TWiki user into visiting + a static HTML page on another side, where a Javascript enabled browser will send an HTTP POST request + to TWiki, which in turn will process the request as the TWiki user.|qodType=remote_banner|solution=Upgrade to TWiki version 4.3.2 or later.|solution_type=VendorFix|impact=Successful exploitation will allow attacker to gain administrative + privileges on the target application and can cause CSRF attack.|affected=TWiki version prior to 4.3.2Medium6.880remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 4.3.2 + +Medium5{v1}944cfcaaf66gps2023-09-29T11:36:37.717645Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtAnonymous FTP Login ReportingFTP6.4summary=Reports if the remote FTP Server allows anonymous logins.|insight=A host that provides an FTP service may additionally provide + Anonymous FTP access as well. Under this arrangement, users do not strictly need an account on the + host. Instead the user typically enters 'anonymous' or 'ftp' when prompted for username. Although + users are commonly asked to send their email address as their password, little to no verification + is actually performed on the supplied data. + + Remark: NIST don't see 'configuration issues' as software flaws so the referenced CVE has a + severity of 0.0. 
The severity of this VT has been raised by Greenbone to still report a + configuration issue on the target.|qodType=remote_banner|solution=If you do not want to share files, you should disable anonymous +logins.|solution_type=Mitigation|impact=Based on the files accessible via this anonymous FTP login and + the permissions of this account an attacker might be able to: + + - gain access to sensitive files + + - upload or delete files.|affected=Medium6.480remote_bannerIt was possible to login to the remote FTP service with the following anonymous account(s): + +anonymous:anonymous@example.com +ftp:anonymous@example.com + +Medium5{v1}cc1c4db6d4fgps2023-09-29T11:36:37.717654Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtjQuery < 1.9.0 XSS VulnerabilityWeb application abuses6.1summary=jQuery is prone to a cross-site scripting (XSS) +vulnerability.|insight=The jQuery(strInput) function does not differentiate selectors + from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was + HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility + when attempting to construct a malicious payload. 
In fixed versions, jQuery only deems the input + to be HTML if it explicitly starts with the '<' character, limiting exploitability only to + attackers who can control the beginning of a string, which is far less common.|qodType=remote_banner|solution=Update to version 1.9.0 or later.|solution_type=VendorFix|impact=|affected=jQuery prior to version 1.9.0.Medium6.180remote_bannerInstalled version: 1.3.2 +Fixed version: 1.9.0 +Installation +path / port: /mutillidae/javascript/ddsmoothmenu/jquery.min.js + +Detection info (see OID: 127.0.0.1.4.1.25127.0.0.1658 for more info): +- Identified file: http://127.0.0.1/mutillidae/javascript/ddsmoothmenu/jquery.min.js +- Referenced at: http://127.0.0.1/mutillidae/ +Medium5{v1}44d224b77c4gps2023-09-29T11:36:37.717662Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki < 6.1.0 XSS VulnerabilityWeb application abuses6.1summary=bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter.|insight=|qodType=remote_banner|solution=Update to version 6.1.0 or later.|solution_type=VendorFix|impact=|affected=TWiki version 6.0.2 and probably prior.Medium6.180remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 6.1.0 + +Medium5{v1}e70046de17fgps2023-09-29T11:36:37.717670Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki Cross-Site Request Forgery VulnerabilityWeb application abuses6.0summary=TWiki is prone to a cross-site request forgery (CSRF) vulnerability.|insight=Remote authenticated user can create a specially crafted image tag that, + when viewed by the target user, will update pages on the target system with the privileges of the target user + via HTTP requests.|qodType=remote_banner|solution=Upgrade to version 4.3.1 or later.|solution_type=VendorFix|impact=Successful exploitation will allow attacker to gain administrative + privileges on the target application and can cause CSRF attack.|affected=TWiki version prior to 4.3.1Medium6.080remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 4.3.1 + 
+Medium5{v1}71c655fd352gps2023-09-29T11:36:37.717677Z{v1}e2eec5b536a{v1}b6b9f466d63445/tcpnvtSamba MS-RPC Remote Shell Command Execution Vulnerability - Active CheckGain a shell remotely6.0summary=Samba is prone to a vulnerability that allows attackers to +execute arbitrary shell commands because the software fails to sanitize user-supplied input.|insight=|qodType=remote_vul|solution=Updates are available. Please see the referenced vendor advisory.|solution_type=VendorFix|impact=An attacker may leverage this issue to execute arbitrary shell + commands on an affected system with the privileges of the application.|affected=This issue affects Samba 3.0.0 through 3.0.25rc3.Medium6.099remote_vulMedium5{v1}e79b358813fgps2023-09-29T11:36:37.717686Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Deprecated SSLv2 and SSLv3 Protocol DetectionSSL and TLS5.9summary=It was possible to detect the usage of the deprecated SSLv2 +and/or SSLv3 protocol on this system.|insight=The SSLv2 and SSLv3 protocols contain known cryptographic + flaws like: + + - CVE-2014-3566: Padding Oracle On Downgraded Legacy Encryption (POODLE) + + - CVE-2016-0800: Decrypting RSA with Obsolete and Weakened eNcryption (DROWN)|qodType=remote_app|solution=It is recommended to disable the deprecated SSLv2 and/or SSLv3 +protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.|solution_type=Mitigation|impact=An attacker might be able to use the known cryptographic flaws to + eavesdrop the connection between clients and the service to get access to sensitive data + transferred within the secured connection. + + Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates + anymore.|affected=All services providing an encrypted communication using the + SSLv2 and/or SSLv3 protocols.Medium5.998remote_appIn addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. 
Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 127.0.0.1.4.1.25127.0.0.1067) VT. +Medium5{v1}75693259c28gps2023-09-29T11:36:37.717697Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtHTTP Debugging Methods (TRACE/TRACK) EnabledWeb Servers5.8summary=The remote web server supports the TRACE and/or TRACK +methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.|insight=It has been shown that web servers supporting this methods + are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in + conjunction with various weaknesses in browsers.|qodType=remote_vul|solution=Disable the TRACE and TRACK methods in your web server +configuration. + +Please see the manual of your web server or the references for more information.|solution_type=Mitigation|impact=An attacker may use this flaw to trick your legitimate web + users to give him their credentials.|affected=Web servers with enabled TRACE and/or TRACK methods.Medium5.899remote_vulThe web server has the following HTTP methods enabled: TRACE +Medium5{v1}316b754124fgps2023-09-29T11:36:37.717709Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtWeak Key Exchange (KEX) Algorithm(s) Supported (SSH)General5.3summary=The remote SSH server is configured to allow / support weak key +exchange (KEX) algorithm(s).|insight=- 1024-bit MODP group / prime KEX algorithms: + + Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key + exchange. Practitioners believed this was safe as long as new key exchange messages were generated + for every connection. However, the first step in the number field sieve-the most efficient + algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime. 
+ + A nation-state can break a 1024-bit prime.|qodType=remote_banner|solution=Disable the reported weak KEX algorithm(s) + +- 1024-bit MODP group / prime KEX algorithms: + +Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.|solution_type=Mitigation|impact=An attacker can quickly break individual connections.|affected=Medium5.380remote_bannerThe remote SSH server supports the following weak KEX algorithm(s): + +KEX algorithm | Reason +------------------------------------------------------------------------------------------- +diffie-hellman-group-exchange-sha1 | Using SHA-1 +diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1 +Medium5{v1}79868c7d9b2gps2023-09-29T11:36:37.717720Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtWeak Host Key Algorithm(s) (SSH)General5.3summary=The remote SSH server is configured to allow / support weak host +key algorithm(s).|insight=|qodType=remote_banner|solution=Disable the reported weak host key algorithm(s).|solution_type=Mitigation|impact=|affected=Medium5.380remote_bannerThe remote SSH server supports the following weak host key algorithm(s): + +host key algorithm | Description +----------------------------------------------------------------------------------------- +ssh-dss | Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS) +Medium5{v1}e3e389ce2bagps2023-09-29T11:36:37.717728Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Report Weak Cipher SuitesSSL and TLS5.0summary=This routine reports all Weak SSL/TLS cipher suites accepted +by a service. + +NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port +25/tcp is reported. 
If too strong cipher suites are configured for this service the alternative +would be to fall back to an even more insecure cleartext communication.|insight=These rules are applied for the evaluation of the cryptographic + strength: + + - RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808) + + - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods + and therefore considered as weak (CVE-2015-4000) + + - 1024 bit RSA authentication is considered to be insecure and therefore as weak + + - Any cipher considered to be secure for only the next 10 years is considered as medium + + - Any other cipher is considered as strong|qodType=remote_app|solution=The configuration of this services should be changed so +that it does not accept the listed weak cipher suites anymore. + +Please see the references for more resources supporting you with this task.|solution_type=Mitigation|impact=|affected=Medium5.098remote_app'Weak' cipher suites accepted by this service via the SSLv3 protocol: + +TLS_RSA_WITH_RC4_128_SHA + +'Weak' cipher suites accepted by this service via the TLSv1.0 protocol: + +TLS_RSA_WITH_RC4_128_SHA + + +Medium5{v1}66ec0c4c6a4gps2023-09-29T11:36:37.717749Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvt/doc directory browsableWeb application abuses5.0summary=The /doc directory is browsable. +/doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.|insight=|qodType=remote_banner|solution=Use access restrictions for the /doc directory. 
+If you use Apache you might use this in your access.conf: + +<Directory /usr/doc> +AllowOverride None +order deny, allow +deny from all +allow from localhost +</Directory>|solution_type=Mitigation|impact=|affected=Medium5.080remote_bannerVulnerable URL: http://127.0.0.1/doc/ +Medium5{v1}fec842e796egps2023-09-29T11:36:37.717762Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Certificate ExpiredSSL and TLS5.0summary=The remote server's SSL/TLS certificate has already expired.|insight=This script checks expiry dates of certificates associated with + SSL/TLS-enabled services on the target and reports whether any have already expired.|qodType=remote_vul|solution=Replace the SSL/TLS certificate by a new one.|solution_type=Mitigation|impact=|affected=Medium5.099remote_vulThe certificate of the remote service expired on 2010-04-16 14:07:45. + +Certificate details: +fingerprint (SHA-1) | ED093088706603BFD5DC237399B498DA2D4D31C6 +fingerprint (SHA-256) | E7A7FA0D63E457C7C4A59B38B70849C6A70BDA6F830C7AF1E32DEE436DE813CC +issued by | 127.0.0.1127.0.0.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX +public key size (bits) | 1024 +serial | 00FAF93A4C7FB6B9CC +signature algorithm | sha1WithRSAEncryption +subject | 127.0.0.1127.0.0.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX +subject alternative names (SAN) | None +valid from | 2010-03-17 14:07:45 UTC +valid until | 2010-04-16 14:07:45 UTC +Medium5{v1}bccd1cd5b97gps2023-09-29T11:36:37.717769Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtawiki <= 20100125 Multiple LFI Vulnerabilities - Active CheckWeb application abuses5.0summary=awiki is prone to multiple local file include (LFI) +vulnerabilities because it 
fails to properly sanitize user-supplied input.|insight=|qodType=remote_vul|solution=No known solution was made available for at least one year +since the disclosure of this vulnerability. Likely none will be provided anymore. General +solution options are to upgrade to a newer release, disable respective features, remove the +product or replace the product by another one.|solution_type=WillNotFix|impact=An attacker can exploit this vulnerability to obtain potentially + sensitive information and execute arbitrary local scripts in the context of the webserver + process. This may allow the attacker to compromise the application and the host.|affected=awiki version 20100125 and prior.Medium5.099remote_vulVulnerable URL: http://127.0.0.1/mutillidae/index.php?page=/etc/passwd +Medium5{v1}68aaba31879gps2023-09-29T11:36:37.717783Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtCleartext Transmission of Sensitive Information via HTTPWeb application abuses4.8summary=The host / application transmits sensitive information (username, passwords) in +cleartext via HTTP.|insight=|qodType=remote_banner|solution=Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. 
+Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before +allowing to input sensitive data into the mentioned functions.|solution_type=Workaround|impact=An attacker could use this situation to compromise or eavesdrop on the + HTTP communication between the client and the server using a man-in-the-middle attack to get access to + sensitive data like usernames or passwords.|affected=Hosts / applications which doesn't enforce the transmission of sensitive data via an + encrypted SSL/TLS connection.Medium4.880remote_bannerThe following input fields were identified (URL:input name): + +http://127.0.0.1/dvwa/login.php:password +http://127.0.0.1/phpMyAdmin/:pma_password +http://127.0.0.1/phpMyAdmin/?D=A:pma_password +http://127.0.0.1/tikiwiki/tiki-install.php:pass +http://127.0.0.1/twiki/bin/view/TWiki/TWikiUserAuthentication:oldpassword +Medium5{v1}4406907af6bgps2023-09-29T11:36:37.717794Z{v1}e2eec5b536a{v1}b6b9f466d635900/tcpnvtVNC Server Unencrypted Data TransmissionGeneral4.8summary=The remote host is running a VNC server providing one or more insecure or +cryptographically weak Security Type(s) not intended for use on untrusted networks.|insight=|qodType=remote_analysis|solution=Run the session over an encrypted channel provided by IPsec [RFC4301] or SSH [RFC4254]. 
+Some VNC server vendors are also providing more secure Security Types within their products.|solution_type=Mitigation|impact=An attacker can uncover sensitive data by sniffing traffic to the + VNC server.|affected=Medium4.870remote_analysisThe VNC server provides the following insecure or cryptographically weak Security Type(s): + +2 (VNC authentication) +Medium5{v1}1fa3ebb87ecgps2023-09-29T11:36:37.717806Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtFTP Unencrypted Cleartext LoginGeneral4.8summary=The remote host is running a FTP service that allows cleartext logins over +unencrypted connections.|insight=|qodType=remote_analysis|solution=Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see +the manual of the FTP service for more information.|solution_type=Mitigation|impact=An attacker can uncover login names and passwords by sniffing traffic to the + FTP service.|affected=Medium4.870remote_analysisThe remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s): + +Non-anonymous sessions: 331 Please specify the password. +Anonymous sessions: 331 Please specify the password. +Medium5{v1}1fa3ebb87ecgps2023-09-29T11:36:37.717816Z{v1}e2eec5b536a{v1}b6b9f466d632121/tcpnvtFTP Unencrypted Cleartext LoginGeneral4.8summary=The remote host is running a FTP service that allows cleartext logins over +unencrypted connections.|insight=|qodType=remote_analysis|solution=Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see +the manual of the FTP service for more information.|solution_type=Mitigation|impact=An attacker can uncover login names and passwords by sniffing traffic to the + FTP service.|affected=Medium4.870remote_analysisThe remote FTP service accepts logins without a previous sent 'AUTH TLS' command. 
Response(s): + +Non-anonymous sessions: 331 Password required for openvasvt +Anonymous sessions: 331 Password required for anonymous +Medium5{v1}e79b358813fgps2023-09-29T11:36:37.717825Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol DetectionSSL and TLS4.3summary=It was possible to detect the usage of the deprecated TLSv1.0 +and/or TLSv1.1 protocol on this system.|insight=The TLSv1.0 and TLSv1.1 protocols contain known cryptographic + flaws like: + + - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) + + - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy + Encryption (FREAK)|qodType=remote_app|solution=It is recommended to disable the deprecated TLSv1.0 and/or +TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more +information.|solution_type=Mitigation|impact=An attacker might be able to use the known cryptographic flaws + to eavesdrop the connection between clients and the service to get access to sensitive data + transferred within the secured connection. + + Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates + anymore.|affected=All services providing an encrypted communication using the + TLSv1.0 and/or TLSv1.1 protocols.Medium4.398remote_appThe service is only providing the deprecated TLSv1.0 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 127.0.0.1.4.1.25127.0.0.1067) VT. 
+Medium5{v1}9c322581ba5gps2023-09-29T11:36:37.717836Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtphpMyAdmin 'error.php' Cross Site Scripting VulnerabilityWeb application abuses4.3summary=phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.|insight=The flaw is caused by input validation errors in the 'error.php' +script when processing crafted BBcode tags containing '@' characters, which +could allow attackers to inject arbitrary HTML code within the error page +and conduct phishing attacks.|qodType=remote_vul|solution=No known solution was made available for at least one year since the disclosure +of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer +release, disable respective features, remove the product or replace the product by another one.|solution_type=WillNotFix|impact=Successful exploitation will allow attackers to inject arbitrary +HTML code within the error page and conduct phishing attacks.|affected=phpMyAdmin version 3.3.8.1 and prior.Medium4.399remote_vulMedium5{v1}2b0831858b0gps2023-09-29T11:36:37.717847Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtjQuery < 1.6.3 XSS VulnerabilityWeb application abuses4.3summary=jQuery is prone to a cross-site scripting (XSS) +vulnerability.|insight=Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, + when using location.hash to select elements, allows remote attackers to inject arbitrary web + script or HTML via a crafted tag.|qodType=remote_banner|solution=Update to version 1.6.3 or later.|solution_type=VendorFix|impact=|affected=jQuery prior to version 1.6.3.Medium4.380remote_bannerInstalled version: 1.3.2 +Fixed version: 1.6.3 +Installation +path / port: /mutillidae/javascript/ddsmoothmenu/jquery.min.js + +Detection info (see OID: 127.0.0.1.4.1.25127.0.0.1658 for more info): +- Identified file: http://127.0.0.1/mutillidae/javascript/ddsmoothmenu/jquery.min.js +- Referenced at: http://127.0.0.1/mutillidae/ 
+Medium5{v1}55390940921gps2023-09-29T11:36:37.717855Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtWeak Encryption Algorithm(s) Supported (SSH)General4.3summary=The remote SSH server is configured to allow / support weak +encryption algorithm(s).|insight=- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit + keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour + (and RC4) has problems with weak keys, and should not be used anymore. + + - The 'none' algorithm specifies that no encryption is to be done. Note that this method provides + no confidentiality protection, and it is NOT RECOMMENDED to use it. + + - A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to + recover plaintext from a block of ciphertext.|qodType=remote_active|solution=Disable the reported weak encryption algorithm(s).|solution_type=Mitigation|impact=|affected=Medium4.395remote_activeThe remote SSH server supports the following weak client-to-server encryption algorithm(s): + +3des-cbc +aes128-cbc +aes192-cbc +aes256-cbc +arcfour +arcfour128 +arcfour256 +blowfish-cbc +cast128-cbc +rijndael-cbc@lysator.liu.se + + +The remote SSH server supports the following weak server-to-client encryption algorithm(s): + +3des-cbc +aes128-cbc +aes192-cbc +aes256-cbc +arcfour +arcfour128 +arcfour256 +blowfish-cbc +cast128-cbc +rijndael-cbc@lysator.liu.se +Medium5{v1}1fe916ed11dgps2023-09-29T11:36:37.717864Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki 'organization' Cross-Site Scripting VulnerabilityWeb application abuses4.3summary=TWiki is prone to a cross-site scripting (XSS) vulnerability.|insight=The flaw is due to an improper validation of user-supplied input + to the 'organization' field when registering or editing a user, which allows attackers to execute + arbitrary HTML and script code in a user's browser session in the context of an affected site.|qodType=remote_analysis|solution=No known solution was made available for at 
least one year +since the disclosure of this vulnerability. Likely none will be provided anymore. General solution +options are to upgrade to a newer release, disable respective features, remove the product or +replace the product by another one.|solution_type=WillNotFix|impact=Successful exploitation will allow remote attackers to insert + arbitrary HTML and script code, which will be executed in a user's browser + session in the context of an affected site.|affected=TWiki version 5.1.1 and priorMedium4.370remote_analysisVulnerable URL: http://127.0.0.1/twiki/bin/view/Main/CccCcc +Medium5{v1}101c559718cgps2023-09-29T11:36:37.717875Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength VulnerabilitySSL and TLS4.0summary=The SSL/TLS service uses Diffie-Hellman groups with insufficient strength +(key size < 2048).|insight=The Diffie-Hellman group are some big numbers that are used as base for + the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size + of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really + powerful attackers like governments.|qodType=remote_banner|solution=Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use +a 2048-bit or stronger Diffie-Hellman group (see the references). 
+ +For Apache Web Servers: +Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|solution_type=Workaround|impact=An attacker might be able to decrypt the SSL/TLS communication offline.|affected=4.080remote_bannerServer Temporary Key Size: 1024 bits + +5{v1}fec842e796egps2023-09-29T11:36:37.717887Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Certificate Signed Using A Weak Signature AlgorithmSSL and TLS4.0summary=The remote service is using a SSL/TLS certificate in the certificate chain that has been signed using a +cryptographically weak hashing algorithm.|insight=The following hashing algorithms used for signing SSL/TLS certificates are considered cryptographically weak + and not secure enough for ongoing use: + + - Secure Hash Algorithm 1 (SHA-1) + + - Message Digest 5 (MD5) + + - Message Digest 4 (MD4) + + - Message Digest 2 (MD2) + + Beginning as late as January 2017 and as early as June 2016, browser developers such as Microsoft and Google will begin warning users when visiting + web sites that use SHA-1 signed Secure Socket Layer (SSL) certificates. + + NOTE: The script preference allows to set one or more custom SHA-1 fingerprints of CA certificates which are trusted by this routine. 
The fingerprints + needs to be passed comma-separated and case-insensitive: + + Fingerprint1 + + or + + fingerprint1, Fingerprint2|qodType=remote_banner|solution=Servers that use SSL/TLS certificates signed with a weak SHA-1, MD5, MD4 or MD2 hashing algorithm will need to obtain new +SHA-2 signed SSL/TLS certificates to avoid web browser SSL/TLS certificate warnings.|solution_type=Mitigation|impact=|affected=4.080remote_bannerThe following certificates are part of the certificate chain but using insecure signature algorithms: + +Subject: 127.0.0.1127.0.0.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX +Signature Algorithm: sha1WithRSAEncryption + + +500000000000000000{v1}e2eec5b536a2023-09-26T10:50:34Z2023-09-26T13:04:00Z444201923002023-09-26T13:04:00Z \ No newline at end of file diff --git a/unittests/scans/openvas_xml/no_vuln.xml b/unittests/scans/openvas_xml/no_vuln.xml new file mode 100644 index 00000000000..7f0ea2e69c9 --- /dev/null +++ b/unittests/scans/openvas_xml/no_vuln.xml @@ -0,0 +1 @@ +gpsHP-scan2023-10-04T21:34:09.251181Z00HP-scanXML9.0descendingseverityapply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1nistNVD Vulnerability Severity RatingsNone0.00.0Low0.13.9Medium4.06.9High7.010.0Done000000HP-scan0Target100.00Network Source Interfacesource_iface2023-09-25T10:46:09Z2023-09-25T10:46:09ZCoordinated Universal TimeUTC0000000000000000002023-09-25T10:54:26Z \ No newline at end of file diff --git a/unittests/scans/openvas_xml/one_vuln.xml b/unittests/scans/openvas_xml/one_vuln.xml new file mode 100644 index 00000000000..7a22e01825c --- /dev/null +++ b/unittests/scans/openvas_xml/one_vuln.xml 
@@ -0,0 +1,34 @@ +gpsdc01-testlab-scan2023-10-04T21:40:07.211438Z00dc01-testlab-scanXML9.0descendingseverityapply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1nistNVD Vulnerability Severity RatingsNone0.00.0Low0.13.9Medium4.06.9High7.010.0Done101000dc01-testlab-scan0Target100.00Network Source Interfacesource_iface2023-09-28T14:48:02Z2023-09-28T14:48:02ZCoordinated Universal TimeUTC1general/tcp10.0.101.210.0HighMozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windowsgps2023-10-04T21:40:07.211472Z10.0.101.2general/tcpnvtMozilla Firefox Security Update (mfsa_2023-32_2023-36) - WindowsGeneral10.0summary=Mozilla Firefox is prone to multiple vulnerabilities.|insight=Multiple flaws exist due to, + + - Memory corruption in IPC CanvasTranslator. + + - Memory corruption in IPC ColorPickerShownCallback. + + - Memory corruption in IPC FilePickerShownCallback. + + - Integer Overflow in RecordedSourceSurfaceCreation. + + - Memory corruption in JIT UpdateRegExpStatics. + + - Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception. + + - Persisted search terms were formatted as URLs. + + - Push notifications saved to disk unencrypted. + + - XLL file extensions were downloadable without warnings. + + - Browsing Context potentially not cleared when closing Private Window. + + - Memory safety bugs.|qodType=registry|solution=Upgrade to version 117 or later, +Please see the references for more information.|solution_type=VendorFix|impact=Successful exploitation will allow + attackers to run arbitrary code, cause denial of service and disclose + sensitive information on affected systems.|affected=Mozilla Firefox version before + 117 on Windows.High10.097registryInstalled version: 116.0.3 +Fixed version: 117 +Installation +path / port: C:\Program Files\Mozilla Firefox + +High5 + +0000000000000000010.0.101.22023-09-28T14:48:02Z2023-09-28T16:12:15Z11000002023-09-28T16:12:15Z \ No newline at end of file 
diff --git a/unittests/scans/sarif/codeQL-output.sarif b/unittests/scans/sarif/codeQL-output.sarif index a01a8779d93..3da6a9aeb1d 100644 --- a/unittests/scans/sarif/codeQL-output.sarif +++ b/unittests/scans/sarif/codeQL-output.sarif @@ -5876,18 +5876,6 @@ "uri" : "bad/libapi.py", "uriBaseId" : "%SRCROOT%", "index" : 31 - }, - "region" : { - "startLine" : 8, - "startColumn" : 12, - "endColumn" : 20 - }, - "contextRegion" : { - "startLine" : 6, - "endLine" : 10, - "snippet" : { - "text" : "\n\ndef keygen(username, password=None):\n\n if password:\n" - } } }, "message" : { diff --git a/unittests/scans/ssh_audit/many_vulns.json b/unittests/scans/ssh_audit/many_vulns.json new file mode 100644 index 00000000000..44d15ee91af --- /dev/null +++ b/unittests/scans/ssh_audit/many_vulns.json 
@@ -0,0 +1,469 @@ +{ + "banner":{ + "comments":"Debian-10+deb10u2", + "protocol":"2.0", + "raw":"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", + "software":"OpenSSH_7.9p1" + }, + "compression":[ + "none", + "zlib@openssh.com" + ], + "cves":[ + { + "cvssv2":7.0, + "description":"privilege escalation via supplemental groups", + "name":"CVE-2021-41617" + }, + { + "cvssv2":7.8, + "description":"command injection via anomalous argument transfers", + "name":"CVE-2020-15778" + }, + { + "cvssv2":7.8, + "description":"memory corruption and local code execution via pre-authentication integer overflow", + "name":"CVE-2019-16905" + }, + { + "cvssv2":5.3, + "description":"enumerate usernames via challenge response", + "name":"CVE-2016-20012" + } + ], + "enc":[ + { + "algorithm":"chacha20-poly1305@openssh.com", + "notes":{ + "info":[ + "default cipher since OpenSSH 6.9", + "available since OpenSSH 6.5" + ] + } + }, + { + "algorithm":"aes128-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes192-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7" + ] + } + }, + { + "algorithm":"aes256-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes128-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"aes256-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + } + ], + "fingerprints":[ + { + "hash":"mHoRf3V/hprQTMrO1PcDB2FSGhB61MlDJ//eWMtkkjE", + "hash_alg":"SHA256", + "hostkey":"ssh-ed25519" + }, + { + "hash":"df:8c:70:0c:d4:18:76:81:83:9e:39:05:6d:f1:01:75", + "hash_alg":"MD5", + "hostkey":"ssh-ed25519" + }, + { + "hash":"W1xWUfJ7EU3CEi4etW6JwLbQZz04gtYEfc8YGIouNyc", + "hash_alg":"SHA256", + "hostkey":"ssh-rsa" + }, + { + "hash":"f4:a2:aa:82:f8:fe:b1:06:de:9a:da:dc:bc:5d:e3:6c", + "hash_alg":"MD5", + "hostkey":"ssh-rsa" + } + ], + "kex":[ + { + "algorithm":"curve25519-sha256", 
+ "notes":{ + "info":[ + "default fail key exchange since OpenSSH 6.4", + "available since OpenSSH 7.4, Dropbear SSH 2018.76" + ] + } + }, + { + "algorithm":"curve25519-sha256@libssh.org", + "notes":{ + "info":[ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 6.4, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp384", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp521", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"diffie-hellman-group-exchange-sha256", + "notes":{ + "info":[ + "available since OpenSSH 4.4" + ] + } + }, + { + "algorithm":"diffie-hellman-group16-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ] + } + }, + { + "algorithm":"diffie-hellman-group18-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3" + ] + } + }, + { + "algorithm":"diffie-hellman-group14-sha256", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"diffie-hellman-group14-sha1", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 3.9, Dropbear SSH 0.53" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + } + ], + "key":[ + { + "algorithm":"rsa-sha2-512", + 
"keysize":2048, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"rsa-sha2-256", + "keysize":2048, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"ssh-rsa", + "keysize":2048, + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", + "available since OpenSSH 2.5.0, Dropbear SSH 0.28" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"ecdsa-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ], + "warn":[ + "using weak random number generator could reveal the key" + ] + } + }, + { + "algorithm":"ssh-ed25519", + "notes":{ + "info":[ + "available since OpenSSH 6.5" + ] + } + } + ], + "mac":[ + { + "algorithm":"umac-64-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-256-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-512-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha1-etm@openssh.com", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"umac-64@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 4.7" + ], + "warn":[ + "using encrypt-and-MAC mode", + "using small 64-bit 
tag size" + ] + } + }, + { + "algorithm":"umac-128@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-256", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-512", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha1", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + } + ], + "recommendations":{ + "critical":{ + "del":{ + "kex":[ + { + "name":"diffie-hellman-group14-sha1", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp256", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp384", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp521", + "notes":"" + } + ], + "key":[ + { + "name":"ecdsa-sha2-nistp256", + "notes":"" + }, + { + "name":"ssh-rsa", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha1", + "notes":"" + }, + { + "name":"hmac-sha1-etm@openssh.com", + "notes":"" + } + ] + } + }, + "warning":{ + "chg":{ + "key":[ + { + "name":"rsa-sha2-256", + "notes":"increase modulus size to 3072 bits or larger" + }, + { + "name":"rsa-sha2-512", + "notes":"increase modulus size to 3072 bits or larger" + } + ] + }, + "del":{ + "kex":[ + { + "name":"diffie-hellman-group14-sha256", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha2-256", + "notes":"" + }, + { + "name":"hmac-sha2-512", + "notes":"" + }, + { + "name":"umac-128@openssh.com", + "notes":"" + }, + { + "name":"umac-64-etm@openssh.com", + "notes":"" + }, + { + "name":"umac-64@openssh.com", + "notes":"" + } + ] + } + } + }, + "target":"sdf.sdf.fewio:22" + } \ No newline at end of file 
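Review bot: The curve25519-sha256 entry's info note reads "default fail key exchange since OpenSSH 6.4", which does not match the wording used for curve25519-sha256@libssh.org in the same file ("default key exchange since OpenSSH 6.4") or for the same algorithm in the sibling fixture many_vulns2.json, so this looks like a hand edit of real ssh-audit output. If it is deliberate — for example to check that the parser classifies on the `fail`/`warn`/`info` arrays rather than by substring-matching note text — the consuming unit test should say so in a comment and assert that this entry produces no failing finding; otherwise the note should be restored so the fixture reflects what the tool actually emits. The `"target":"sdf.sdf.fewio:22"` placeholder is fine, but a name under a reserved documentation domain would make its fixture nature obvious.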
diff --git a/unittests/scans/ssh_audit/many_vulns2.json b/unittests/scans/ssh_audit/many_vulns2.json new file mode 100644 index 00000000000..c516ff80e1c --- /dev/null +++ b/unittests/scans/ssh_audit/many_vulns2.json 
@@ -0,0 +1,404 @@ +{ + "banner":{ + "comments":"Ubuntu-3ubuntu0.4", + "protocol":"2.0", + "raw":"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4", + "software":"OpenSSH_8.9p1" + }, + "compression":[ + "none", + "zlib@openssh.com" + ], + "cves":[ + + ], + "enc":[ + { + "algorithm":"chacha20-poly1305@openssh.com", + "notes":{ + "info":[ + "default cipher since OpenSSH 6.9", + "available since OpenSSH 6.5" + ] + } + }, + { + "algorithm":"aes128-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes192-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7" + ] + } + }, + { + "algorithm":"aes256-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes128-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"aes256-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + } + ], + "fingerprints":[ + { + "hash":"7HGjPCpM7KL+xEDT+o4oMsuLphK9emAFY4T9fglsCjE", + "hash_alg":"SHA256", + "hostkey":"ssh-ed25519" + }, + { + "hash":"f5:30:24:c3:30:91:30:31:02:d6:44:9d:66:2e:92:8e", + "hash_alg":"MD5", + "hostkey":"ssh-ed25519" + }, + { + "hash":"v9O1CYNZpN+Ng3R+49vHmiBoJ6WhvMQ1Z4BeHcWFE4E", + "hash_alg":"SHA256", + "hostkey":"ssh-rsa" + }, + { + "hash":"0f:3b:05:af:12:cb:89:a0:41:01:47:55:b5:74:be:96", + "hash_alg":"MD5", + "hostkey":"ssh-rsa" + } + ], + "kex":[ + { + "algorithm":"curve25519-sha256", + "notes":{ + "info":[ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 7.4, Dropbear SSH 2018.76" + ] + } + }, + { + "algorithm":"curve25519-sha256@libssh.org", + "notes":{ + "info":[ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 6.4, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. 
National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp384", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp521", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"sntrup761x25519-sha512@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 8.5" + ] + } + }, + { + "algorithm":"diffie-hellman-group-exchange-sha256", + "keysize":3072, + "notes":{ + "info":[ + "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. 
This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", + "available since OpenSSH 4.4" + ] + } + }, + { + "algorithm":"diffie-hellman-group16-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ] + } + }, + { + "algorithm":"diffie-hellman-group18-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3" + ] + } + }, + { + "algorithm":"diffie-hellman-group14-sha256", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + } + ], + "key":[ + { + "algorithm":"rsa-sha2-512", + "keysize":3072, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ] + } + }, + { + "algorithm":"rsa-sha2-256", + "keysize":3072, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ] + } + }, + { + "algorithm":"ecdsa-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. 
National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ], + "warn":[ + "using weak random number generator could reveal the key" + ] + } + }, + { + "algorithm":"ssh-ed25519", + "notes":{ + "info":[ + "available since OpenSSH 6.5" + ] + } + } + ], + "mac":[ + { + "algorithm":"umac-64-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-256-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-512-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha1-etm@openssh.com", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"umac-64@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 4.7" + ], + "warn":[ + "using encrypt-and-MAC mode", + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-256", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-512", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha1", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + } + ], + "recommendations":{ + "critical":{ + "del":{ + "kex":[ + { + "name":"ecdh-sha2-nistp256", + 
"notes":"" + }, + { + "name":"ecdh-sha2-nistp384", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp521", + "notes":"" + } + ], + "key":[ + { + "name":"ecdsa-sha2-nistp256", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha1", + "notes":"" + }, + { + "name":"hmac-sha1-etm@openssh.com", + "notes":"" + } + ] + } + }, + "warning":{ + "del":{ + "kex":[ + { + "name":"diffie-hellman-group14-sha256", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha2-256", + "notes":"" + }, + { + "name":"hmac-sha2-512", + "notes":"" + }, + { + "name":"umac-128@openssh.com", + "notes":"" + }, + { + "name":"umac-64-etm@openssh.com", + "notes":"" + }, + { + "name":"umac-64@openssh.com", + "notes":"" + } + ] + } + } + }, + "target":"1.1.1.1:22" + } \ No newline at end of file diff --git a/unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv b/unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv new file mode 100644 index 00000000000..2530fa87a89 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv @@ -0,0 +1,2 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted +High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv b/unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv new file mode 100644 index 00000000000..8fa90b5da80 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv 
@@ -0,0 +1,51 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,K8S cluster name,K8S namespace name,K8S workload type,K8S workload name,K8S container name,Image ID,K8S POD count,Package suggested fix,In use,Risk accepted +CVE-2022-29162,High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false +CVE-2023-28642,High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2023-28642,2023-03-25,2023-03-29,v1.1.5,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false +CVE-2023-36054,Medium,libgssapi-krb5-2,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-36054,Medium,libk5crypto3,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-36054,Medium,libkrb5-3,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 
22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-36054,Medium,libkrb5support0,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-48522,Medium,perl-base,5.34.0-3ubuntu1.2,os,,mongo,ubuntu 22.04,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://ubuntu.com/security/CVE-2022-48522,2023-08-22,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-25809,Medium,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,6.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L,https://nvd.nist.gov/vuln/detail/CVE-2023-25809,2023-03-29,2023-03-29,v1.1.5,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false +CVE-2023-29383,Low,login,1:4.8.1-2ubuntu2.1,os,,mongo,ubuntu 22.04,3.1,3.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-29383,2023-03-30,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-29383,Low,passwd,1:4.8.1-2ubuntu2.1,os,,mongo,ubuntu 22.04,3.1,3.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-29383,2023-03-30,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false 
+CVE-2023-2975,Low,libssl3,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-2975,2023-07-07,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-2975,Low,openssl,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-2975,2023-07-07,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3446,Low,libssl3,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3446,2023-07-13,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3446,Low,openssl,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3446,2023-07-13,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3817,Low,libssl3,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3817,2023-07-25,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3817,Low,openssl,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3817,2023-07-25,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-4016,Low,libprocps8,2:3.3.17-6ubuntu2,os,,mongo,ubuntu 
22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-4016,2023-08-02,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-4016,Low,procps,2:3.3.17-6ubuntu2,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-4016,2023-08-02,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2022-27943,Low,gcc-12-base,12.3.0-1ubuntu1~22.04,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2022-27943,2022-03-23,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2022-27943,Low,libgcc-s1,12.3.0-1ubuntu1~22.04,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2022-27943,2022-03-23,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-27943,Low,libstdc++6,12.3.0-1ubuntu1~22.04,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2022-27943,2022-03-23,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2016-2781,Low,coreutils,8.32-4.1ubuntu1,os,,mongo,ubuntu 22.04,3.0,6.5,CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N,https://ubuntu.com/security/CVE-2016-2781,2016-02-28,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-46908,Low,libsqlite3-0,3.37.2-2ubuntu0.1,os,,mongo,ubuntu 
22.04,3.1,7.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L,https://ubuntu.com/security/CVE-2022-46908,2022-12-04,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-2953,Low,libldap-2.5-0,2.5.16+dfsg-0ubuntu0.22.04.1,os,,mongo,ubuntu 22.04,3.1,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-2953,2022-08-24,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-3715,Low,bash,5.1-6ubuntu1,os,,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://ubuntu.com/security/CVE-2022-3715,2022-10-27,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2016-20013,Negligible,libc-bin,2.35-0ubuntu3.4,os,,mongo,ubuntu 22.04,3.1,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2016-20013,2016-08-31,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2016-20013,Negligible,libc6,2.35-0ubuntu3.4,os,,mongo,ubuntu 22.04,3.1,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2016-20013,2016-08-31,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2017-5648,Critical,org.apache.tomcat.embed:tomcat-embed-core,8.5.11,java,/usr/src/app/app.jar:BOOT-INF/lib/tomcat-embed-core-8.5.11.jar,weaveworksdemos/carts:0.4.8,alpine 
3.4.6,3.0,9.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N,https://nvd.nist.gov/vuln/detail/CVE-2017-5648,2017-02-09,2017-03-13,8.5.12,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,8.5.32,true,false +CVE-2017-8105,Critical,freetype,2.6.3-r0,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-8105,2017-03-24,2017-05-13,2.6.3-r1,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.3-r1,false,false +CVE-2017-8287,Critical,freetype,2.6.3-r0,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-8287,2017-03-26,2017-05-13,2.6.3-r1,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.3-r1,false,false +CVE-2018-1273,Critical,org.springframework.data:spring-data-commons,1.12.7.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-data-commons-1.12.7.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-1273,2018-03-27,2018-04-04,1.13.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,1.13.11,true,false +CVE-2018-1273,Critical,org.springframework.data:spring-data-rest-core,2.5.7.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-data-rest-core-2.5.7.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-1273,2018-03-27,2018-04-04,2.6.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.11,true,false 
+CVE-2018-1273,Critical,org.springframework.data:spring-data-rest-webmvc,2.5.7.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-data-rest-webmvc-2.5.7.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-1273,2018-03-27,2018-04-04,2.6.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.11,true,false +CVE-2018-19360,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19360,2018-11-18,2018-11-23,2.8.11.3,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-19361,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19361,2018-11-18,2018-11-23,2.8.11.3,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-19362,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19362,2018-11-18,2018-11-23,2.8.11.3,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false 
+CVE-2018-7489,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-7489,2018-02-10,2018-02-11,2.8.11.1,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-8014,Critical,org.apache.tomcat.embed:tomcat-embed-core,8.5.11,java,/usr/src/app/app.jar:BOOT-INF/lib/tomcat-embed-core-8.5.11.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-8014,2018-05-16,2018-05-16,8.5.32,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,8.5.32,true,false +CVE-2016-1000027,Critical,org.springframework:spring-aop,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-aop-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-beans,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-beans-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false 
+CVE-2016-1000027,Critical,org.springframework:spring-context,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-context-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-core,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-core-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-expression,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-expression-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-tx,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-tx-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false 
+CVE-2016-1000027,Critical,org.springframework:spring-web,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-web-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-webmvc,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-webmvc-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-9841,Critical,zlib,1.2.8-r2,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-9841,2016-09-30,,1.2.11-r0,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,1.2.11-r0,true,false +CVE-2016-9843,Critical,zlib,1.2.8-r2,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-9843,2016-09-30,,1.2.11-r0,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,1.2.11-r0,true,false +CVE-2017-15095,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 
3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-15095,2017-11-02,2017-09-07,2.8.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2017-17485,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-17485,2017-04-11,2017-04-19,2.8.9,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv b/unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv new file mode 100644 index 00000000000..2530fa87a89 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv @@ -0,0 +1,2 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted +High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv b/unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv new file mode 100644 index 00000000000..61979cbff14 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv 
@@ -0,0 +1,2 @@
+Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted
+Wrong Field Contents,High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false
diff --git a/unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv b/unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv
new file mode 100644
index 00000000000..02ddeb47af2
--- /dev/null
+++ b/unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv
@@ -0,0 +1,2 @@
+Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted
+CVE-2018-19360,Critical,com.fasterxml.jackson.core:jackson-databind,2.9.7,java,/app/text4shell-poc.jar:BOOT-INF/lib/jackson-databind-2.9.7.jar,harbor.aamiles.org:30003/library/text4shell-docker-vuln:latest,alpine 3.9.4,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19360,2018-11-18,2018-11-23,v2.9.8,false,harbor.aamiles.org:30003,library/text4shell-docker-vuln,sha256:c4e3524ae58d87458d65518ec68ee292ce2ef330924fd1f42afacf11b698cb03,v2.9.10,false
diff --git a/unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv b/unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv
new file mode 100644
index 00000000000..89b12f8ee2e
--- /dev/null
+++ b/unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv
@@ -0,0 +1 @@
+Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted
diff --git a/unittests/scans/threagile/bad_formatted_risks_file.json b/unittests/scans/threagile/bad_formatted_risks_file.json
new file mode 100644
index 00000000000..9e26dfeeb6e
--- /dev/null
+++ b/unittests/scans/threagile/bad_formatted_risks_file.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/unittests/scans/threagile/empty_file_no_risks.json b/unittests/scans/threagile/empty_file_no_risks.json
new file mode 100644
index 00000000000..0637a088a01
--- /dev/null
+++ b/unittests/scans/threagile/empty_file_no_risks.json
@@ -0,0 +1 @@
+[]
\ No newline at end of file
diff --git a/unittests/scans/threagile/risks.json b/unittests/scans/threagile/risks.json
new file mode 100644
index 00000000000..7216cb94be7
--- /dev/null
+++ b/unittests/scans/threagile/risks.json
@@ -0,0 +1,111 @@ +[ + { + "category": "unguarded-direct-datastore-access", + "risk_status": "unchecked", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eEnergon\u003c/b\u003e via \u003cb\u003eEnergonToPolicyRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@energon-ta\u003eenergontopolicyregofilestorage@energon-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "energon-ta\u003eenergontopolicyregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "in-discussion", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIAMSidecar\u003c/b\u003e via \u003cb\u003eIAMBachendAPIPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage@iam-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "accepted", + 
"severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIDMSidecar\u003c/b\u003e via \u003cb\u003eIAMSidecarPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage@idm-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "missing-network-segmentation", + "risk_status": "in-progress", + "severity": "medium", + "exploitation_likelihood": "unlikely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003eIAMBackendAPI\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by attackers", + "synthetic_id": "missing-network-segmentation@iam-backend-api-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "iam-backend-api-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "iam-backend-api-ta" + ] + }, + { + "category": "mixed-targets-on-shared-runtime", + "risk_status": "mitigated", + "severity": "low", + "exploitation_likelihood": "unlikely", + "exploitation_impact": "low", + "title": "\u003cb\u003eMixed Targets on Shared Runtime\u003c/b\u003e named \u003cb\u003eSome Shared Runtime\u003c/b\u003e 
might enable attackers moving from one less valuable target to a more valuable one", + "synthetic_id": "mixed-targets-on-shared-runtime@some-runtime", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "some-runtime", + "most_relevant_communication_link": "", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "some-component", + "some-other-component" + ] + }, + { + "category": "missing-authentication", + "risk_status": "false-positive", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eMissing Authentication\u003c/b\u003e covering communication link \u003cb\u003eSome Traffic\u003c/b\u003e from \u003cb\u003eSome Technical Asset\u003c/b\u003e to \u003cb\u003eSome Other Technical Asset\u003c/b\u003e", + "synthetic_id": "missing-authentication@some-component\u003esome-traffic@some-component@some-other-component", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "some-component\u003esome-traffic", + "data_breach_probability": "possible", + "data_breach_technical_assets": [ + "some-other-component" + ] + } + ] \ No newline at end of file diff --git a/unittests/tools/test_awssecurityhub_parser.py b/unittests/tools/test_awssecurityhub_parser.py index 60de0e7485f..5619f4f4ce5 100644 --- a/unittests/tools/test_awssecurityhub_parser.py +++ b/unittests/tools/test_awssecurityhub_parser.py 
@@ -20,6 +20,7 @@ def test_one_finding(self):
 self.assertEqual("Informational", finding.severity)
 self.assertTrue(finding.is_mitigated)
 self.assertFalse(finding.active)
+ self.assertEqual("https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation", finding.references)
 
 def test_one_finding_active(self):
 with open(get_unit_tests_path() + sample_path("config_one_finding_active.json")) as test_file:
@@ -58,7 +59,11 @@ def test_inspector_ec2(self):
 findings = parser.get_findings(test_file, Test())
 self.assertEqual(5, len(findings))
 finding = findings[0]
- self.assertIn("CVE-2022-3643", finding.title)
+ self.assertEqual("CVE-2022-3643 - kernel - Resource: i-11111111111111111", finding.title)
+ self.assertEqual("Resource: i-11111111111111111", finding.impact)
+ self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
+ self.assertEqual("CVE-2022-3643", finding.unsaved_vulnerability_ids[0])
+ self.assertEqual("- Update kernel-4.14.301\n\t- yum update kernel\n", finding.mitigation)
 
 def test_inspector_ec2_with_no_vulnerabilities(self):
 with open(get_unit_tests_path() + sample_path("inspector_ec2_cve_no_vulnerabilities.json")) as test_file:
@@ -76,3 +81,19 @@ def test_inspector_ec2_ghsa(self):
 self.assertFalse(finding.is_mitigated)
 self.assertTrue(finding.active)
 self.assertIn("GHSA-p98r-538v-jgw5", finding.title)
+ self.assertSetEqual({"CVE-2023-34256", "GHSA-p98r-538v-jgw5"}, set(finding.unsaved_vulnerability_ids))
+ self.assertEqual("https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-p98r-538v-jgw5", finding.references)
+
+ def test_inspector_ecr(self):
+ with open(get_unit_tests_path() + sample_path("inspector_ecr.json")) as test_file:
+ parser = AwsSecurityHubParser()
+ findings = parser.get_findings(test_file, Test())
+ self.assertEqual(7, len(findings))
+
+ finding = findings[0]
+ self.assertEqual("Medium", finding.severity)
+ self.assertFalse(finding.is_mitigated)
+ self.assertTrue(finding.active)
+ self.assertEqual("CVE-2023-2650 - openssl - Image: repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", finding.title)
+ self.assertIn("repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", finding.impact)
+ self.assertIn("Repository: repo-os", finding.impact)
diff --git a/unittests/tools/test_hcl_appscan_parser.py b/unittests/tools/test_hcl_appscan_parser.py
new file mode 100644
index 00000000000..921caaafe80
--- /dev/null
+++ b/unittests/tools/test_hcl_appscan_parser.py
@@ -0,0 +1,24 @@
+from ..dojo_test_case import DojoTestCase
+from dojo.tools.hcl_appscan.parser import HCLAppScanParser
+
+
+class TestHCLAppScanParser(DojoTestCase):
+
+ def test_no_findings(self):
+ my_file_handle = open("unittests/scans/hcl_appscan/no_findings.xml")
+ parser = HCLAppScanParser()
+ findings = parser.get_findings(my_file_handle, None)
+ my_file_handle.close()
+ self.assertEqual(0, len(findings))
+
+ def test_many_findings(self):
+ my_file_handle = open("unittests/scans/hcl_appscan/many_findings.xml")
+ parser = HCLAppScanParser()
+ findings = parser.get_findings(my_file_handle, None)
+ my_file_handle.close()
+ self.assertEqual(60, len(findings))
+ self.assertEqual(findings[0].title, "Unencrypted Login Request_mani-virtual-machine_/dvja-1.0-SNAPSHOT/register.action")
+ self.assertEqual(findings[1].title, "Unencrypted Login Request_mani-virtual-machine_/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC")
+ self.assertEqual(findings[0].severity, "High")
+ self.assertEqual(findings[9].severity, "Medium")
+ self.assertEqual(findings[1].description, "Issue-Type-Name: Unencrypted Login Request\nLocation: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC\nDomain: mani-virtual-machine\nElement: password\nElementType: Parameter\nPath: /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC\nScheme: http\nHost: mani-virtual-machine\nPort: 9000\n")
diff --git a/unittests/tools/test_mobsf_parser.py b/unittests/tools/test_mobsf_parser.py
index 8a1901a5c4e..c5100cf5d23 100644
--- a/unittests/tools/test_mobsf_parser.py
+++ b/unittests/tools/test_mobsf_parser.py
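Review bot: Both tests open the fixture with a bare `open()`, so if `get_findings` raises, `my_file_handle.close()` is never reached and the handle leaks; `with open("unittests/scans/hcl_appscan/many_findings.xml") as my_file_handle:` with the body indented under it fixes that and drops the explicit `close()`. Both tests also pass `None` where the other new parser tests in this commit pass `Test()`, which only works as long as the parser never touches that argument. Separately, the pinned title for `findings[1]` embeds the scanned URL's `;jsessionid=…` segment, so the same issue would presumably get a different title (and a different dedupe key) on every scan session; if that is the parser's intended behavior, a comment such as `# title keeps the full path, including the session id, as reported by AppScan` belongs here, otherwise the parser should drop the session id before building the title.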
@@ -66,3 +66,18 @@ def test_parse_file_3_1_9_ios(self):
 testfile.close()
 self.assertEqual(11, len(findings))
 # TODO add more checks dedicated to this file
+
+ def test_parse_file_mobsf_3_7_9(self):
+ test = Test()
+ engagement = Engagement()
+ engagement.product = Product()
+ test.engagement = engagement
+ testfile = open("unittests/scans/mobsf/mobsf_3_7_9.json")
+ parser = MobSFParser()
+ findings = parser.get_findings(testfile, test)
+ testfile.close()
+ self.assertEqual(2, len(findings))
+ self.assertEqual(findings[0].title, "The binary may contain the following insecure API(s) _memcpy\n, _strlen\n")
+ self.assertEqual(findings[1].title, "The binary may use _malloc\n function instead of calloc")
+ self.assertEqual(findings[0].severity, "High")
+ self.assertEqual(findings[1].severity, "High")
diff --git a/unittests/tools/test_openvas_xml_parser.py b/unittests/tools/test_openvas_xml_parser.py
new file mode 100644
index 00000000000..40004d6e0b2
--- /dev/null
+++ b/unittests/tools/test_openvas_xml_parser.py
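Review bot: The expected titles in the last assertions contain embedded newlines (`"… _memcpy\n, _strlen\n"` and `"… _malloc\n function …"`), which looks like list formatting from the MobSF report leaking into the finding title rather than an intended value; pinning them here locks that in, so either strip the line breaks in the parser or add a comment such as `# titles are taken verbatim from the MobSF report, including its line breaks` so the next reader knows it is deliberate. `testfile` is also opened without a context manager, so a failure inside `get_findings` leaks the handle; `with open("unittests/scans/mobsf/mobsf_3_7_9.json") as testfile:` would match the `with`-based tests elsewhere in this commit.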
@@ -0,0 +1,43 @@
+from ..dojo_test_case import DojoTestCase
+from dojo.tools.openvas_xml.parser import OpenVASXMLParser
+from dojo.models import Test, Engagement, Product
+
+
+class TestOpenVASUploadXMLParser(DojoTestCase):
+
+ def test_openvas_xml_no_vuln(self):
+ with open("unittests/scans/openvas_xml/no_vuln.xml") as f:
+ test = Test()
+ test.engagement = Engagement()
+ test.engagement.product = Product()
+ parser = OpenVASXMLParser()
+ findings = parser.get_findings(f, test)
+ self.assertEqual(0, len(findings))
+
+ def test_openvas_xml_one_vuln(self):
+ with open("unittests/scans/openvas_xml/one_vuln.xml") as f:
+ test = Test()
+ test.engagement = Engagement()
+ test.engagement.product = Product()
+ parser = OpenVASXMLParser()
+ findings = parser.get_findings(f, test)
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual(1, len(findings))
+ with self.subTest(i=0):
+ finding = findings[0]
+ self.assertEqual("Mozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windows_10.0.101.2_general/tcp", finding.title)
+ self.assertEqual("Critical", finding.severity)
+
+ def test_openvas_xml_many_vuln(self):
+ with open("unittests/scans/openvas_xml/many_vuln.xml") as f:
+ test = Test()
+ test.engagement = Engagement()
+ test.engagement.product = Product()
+ parser = OpenVASXMLParser()
+ findings = parser.get_findings(f, test)
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual(44, len(findings))
diff --git a/unittests/tools/test_sarif_parser.py b/unittests/tools/test_sarif_parser.py
index 7bfa4c944c3..8902f846306 100644
--- a/unittests/tools/test_sarif_parser.py
+++ b/unittests/tools/test_sarif_parser.py
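Review bot: The three tests repeat the same `Test()`/`Engagement()`/`Product()` wiring verbatim inside each `with` block; a small helper such as `def _build_test(self):` returning the wired `Test` (or a `setUp` that stores it on `self`) would leave each test with only the fixture, the parser and its assertions. `test_openvas_xml_many_vuln` checks only the count, so a regression in title or severity mapping on the many-finding path would go unnoticed; one spot check on a finding, as `test_openvas_xml_one_vuln` does, would cover it. The `with self.subTest(i=0):` wrapper around the single finding adds nothing since there is no loop.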
@@ -57,9 +57,11 @@ def test_example2_report(self):
 **Rule short description:** A variable was used without being initialized.
 **Rule full description:** A variable was used without being initialized. This can result in runtime errors such as null reference exceptions.
 **Code flow:**
-\tcollections/list.h:15\t-\tint *ptr;
-\tcollections/list.h:15\t-\toffset = (y + z) * q + 1;
-\tcollections/list.h:25\t-\tadd_core(ptr, offset, val)"""
+1. collections/list.h:L15\t-\tint *ptr;
+\tVariable `ptr` declared.
+2. collections/list.h:L15\t-\toffset = (y + z) * q + 1;
+3. collections/list.h:L25\t-\tadd_core(ptr, offset, val)
+\tUninitialized variable `ptr` passed to method `add_core`."""
 self.assertEqual(description, item.description)
 self.assertEqual(datetime.datetime(2016, 7, 16, 14, 19, 1, tzinfo=datetime.timezone.utc), item.date)
 for finding in findings:
diff --git a/unittests/tools/test_ssh_audit_parser.py b/unittests/tools/test_ssh_audit_parser.py
new file mode 100644
index 00000000000..10f070c31cb
--- /dev/null
+++ b/unittests/tools/test_ssh_audit_parser.py
@@ -0,0 +1,32 @@
+from ..dojo_test_case import DojoTestCase
+from dojo.tools.ssh_audit.parser import SSHAuditParser
+from dojo.models import Test
+
+
+class TestSSHAuditParser(DojoTestCase):
+
+ def test_parse_file_with_many_vuln_has_many_findings(self):
+ testfile = open("unittests/scans/ssh_audit/many_vulns.json")
+ parser = SSHAuditParser()
+ findings = parser.get_findings(testfile, Test())
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual(20, len(findings))
+ self.assertEqual(findings[0].title, "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2_CVE-2021-41617")
+ self.assertEqual(findings[1].title, "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2_CVE-2020-15778")
+ self.assertEqual(findings[0].severity, "High")
+ self.assertEqual(findings[13].severity, "Medium")
+
+ def test_parse_file_with_many_vuln_has_many_findings2(self):
+ testfile = open("unittests/scans/ssh_audit/many_vulns2.json")
+ parser = SSHAuditParser()
+ findings = parser.get_findings(testfile, Test())
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual(12, len(findings))
+ self.assertEqual(findings[0].title, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4_ecdh-sha2-nistp256")
+ self.assertEqual(findings[1].title, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4_ecdh-sha2-nistp384")
+ self.assertEqual(findings[0].severity, "High")
+ self.assertEqual(findings[9].severity, "Medium")
diff --git a/unittests/tools/test_sysdig_reports_parser.py b/unittests/tools/test_sysdig_reports_parser.py
new file mode 100644
index 00000000000..6a71aace28b
--- /dev/null
+++ b/unittests/tools/test_sysdig_reports_parser.py
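Review bot: Both tests open the fixture with a bare `open()` and never close it — there is neither a `with` block nor a `testfile.close()` — so every run leaks a file handle and emits a ResourceWarning under unittest. Replace the first line of each test with `with open("unittests/scans/ssh_audit/many_vulns.json") as testfile:` (and the `many_vulns2.json` counterpart) and indent the body under it. The severity checks on `findings[13]` and `findings[9]` depend on fixture ordering with nothing saying why those indices were chosen; a one-line comment naming the entry being checked would help whoever regenerates the fixture next.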
@@ -0,0 +1,64 @@
+from django.test import TestCase
+from dojo.tools.sysdig_reports.parser import SysdigReportsParser
+from dojo.models import Test
+
+
+class TestSysdigParser(TestCase):
+
+ def test_sysdig_parser_with_no_vuln_has_no_findings(self):
+ testfile = open("unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv")
+ parser = SysdigReportsParser()
+ findings = parser.get_findings(testfile, Test())
+ testfile.close()
+ self.assertEqual(0, len(findings))
+
+ def test_sysdig_parser_with_one_criticle_vuln_has_one_findings(self):
+ testfile = open("unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv")
+ parser = SysdigReportsParser()
+ findings = parser.get_findings(testfile, Test())
+ testfile.close()
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual(1, len(findings))
+ self.assertEqual("com.fasterxml.jackson.core:jackson-databind", findings[0].component_name)
+ self.assertEqual("2.9.7", findings[0].component_version)
+ self.assertEqual("CVE-2018-19360", findings[0].cve)
+
+ def test_sysdig_parser_with_many_vuln_has_many_findings(self):
+ testfile = open("unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv")
+ parser = SysdigReportsParser()
+ findings = parser.get_findings(testfile, Test())
+ testfile.close()
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertEqual(50, len(findings))
+
+ def test_sysdig_parser_missing_cve_field_id_from_csv_file(self):
+ with self.assertRaises(ValueError) as context:
+ testfile = open("unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv")
+ parser = SysdigReportsParser()
+ findings = parser.get_findings(testfile, Test())
+ testfile.close()
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertTrue(
+ "sysdig report contains errors:" in str(context.exception)
+ )
+ self.assertTrue("ECONNREFUSED" in str(context.exception))
+
+ def test_sysdig_parser_missing_cve_field_not_starting_with_cve(self):
+ with self.assertRaises(ValueError) as context:
+ testfile = open("unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv")
+ parser = SysdigReportsParser()
+ findings = parser.get_findings(testfile, Test())
+ testfile.close()
+ for finding in findings:
+ for endpoint in finding.unsaved_endpoints:
+ endpoint.clean()
+ self.assertTrue(
+ "sysdig report contains errors:" in str(context.exception)
+ )
+ self.assertTrue("ECONNREFUSED" in str(context.exception))
diff --git a/unittests/tools/test_threagile_parser.py b/unittests/tools/test_threagile_parser.py
new file mode 100644
index 00000000000..0a516e3fdcc
--- /dev/null
+++ b/unittests/tools/test_threagile_parser.py
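Review bot: In `test_sysdig_parser_missing_cve_field_id_from_csv_file` and the test after it, `testfile.close()` and the endpoint loop sit inside the `assertRaises` block after `get_findings`, so when the expected `ValueError` fires they never run and the handle leaks; open the file with `with open(...) as testfile:` outside `assertRaises` and keep only `parser.get_findings(testfile, Test())` inside it. The second assertion expects the message to contain `ECONNREFUSED`, which reads like a connection-refused error rather than a missing- or malformed-CVE validation message; if that string genuinely comes from the fixture's CSV rows, a comment saying so would stop a reader from assuming the test reaches the network. `self.assertTrue("…" in str(context.exception))` should be `self.assertIn("sysdig report contains errors:", str(context.exception))` so a failure prints the actual message. The class also subclasses `django.test.TestCase` while the other new parser tests in this commit use `DojoTestCase`; presumably deliberate, but worth aligning.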
@@ -0,0 +1,70 @@
+from dojo.models import Test
+from dojo.tools.threagile.parser import ThreagileParser
+from unittests.dojo_test_case import DojoTestCase
+
+
+class TestThreAgileParser(DojoTestCase):
+ def test_non_threagile_file_raises_error(self):
+ with open("unittests/scans/threagile/bad_formatted_risks_file.json") as testfile:
+ parser = ThreagileParser()
+ with self.assertRaises(ValueError) as exc_context:
+ parser.get_findings(testfile, Test())
+ exc = exc_context.exception
+ self.assertEqual("Invalid ThreAgile risks file", str(exc))
+
+ def test_empty_file_returns_no_findings(self):
+ with open("unittests/scans/threagile/empty_file_no_risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(0, len(findings))
+
+ def test_file_with_vulnerabilities_returns_correct_findings(self):
+ with open("unittests/scans/threagile/risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(6, len(findings))
+ finding = findings[0]
+ self.assertEqual("unguarded-direct-datastore-access", finding.title)
+ self.assertEqual("\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eEnergon\u003c/b\u003e via \u003cb\u003eEnergonToPolicyRegoFileStorage\u003c/b\u003e", finding.description)
+ self.assertEqual("High", finding.severity)
+ self.assertEqual("unguarded-direct-datastore-access@energon-ta>energontopolicyregofilestorage@energon-ta@policies-rego-storage-ta", finding.unique_id_from_tool)
+ self.assertEqual(501, finding.cwe)
+ self.assertEqual("medium", finding.impact)
+ self.assertEqual("policies-rego-storage-ta", finding.component_name)
+
+ def test_in_discussion_is_under_review(self):
+ with open("unittests/scans/threagile/risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ finding = findings[1]
+ self.assertTrue(finding.under_review)
+
+ def test_accepted_finding_is_accepted(self):
+ with open("unittests/scans/threagile/risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ finding = findings[2]
+ self.assertTrue(finding.risk_accepted)
+
+ def test_in_progress_is_verified(self):
+ with open("unittests/scans/threagile/risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ finding = findings[3]
+ self.assertTrue(finding.verified)
+
+ def test_mitigated_is_mitigated(self):
+ with open("unittests/scans/threagile/risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ finding = findings[4]
+ self.assertTrue(finding.is_mitigated)
+ self.assertEqual("some-runtime", finding.component_name)
+
+ def test_false_positive_is_false_positive(self):
+ with open("unittests/scans/threagile/risks.json") as testfile:
+ parser = ThreagileParser()
+ findings = parser.get_findings(testfile, Test())
+ finding = findings[5]
+ self.assertTrue(finding.false_p)
+ self.assertEqual("some-component\u003esome-traffic", finding.component_name)
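Review bot: The expected `description` in `test_file_with_vulnerabilities_returns_correct_findings` is written with JSON-style `\u003cb\u003e` escapes that Python decodes to plain `<b>`, so the literal is harder to read than it needs to be and obscures that the parser stores the tool's raw HTML tags in `description`; writing `"<b>Unguarded Direct Datastore Access</b> of <b>PoliciesRegoStorage</b> …"` makes that explicit, and whether keeping the tags is safe depends on the templates escaping `description` on render, which is not visible here. The same applies to `"some-component\u003esome-traffic"` in the last assertion, which is simply `some-component>some-traffic`. Six tests re-open `risks.json` and rebuild the parser; a helper such as `def _findings(self, name):` wrapping the `with open`/`get_findings` pair would cut each status test to two lines.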