/alerttags/cwe-311/ Recent content in CWE-311 on ZAP Hugo en-us /docs/alerts/10106/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10106/ <p>The site is only served under HTTP and not HTTPS.</p> /docs/alerts/10205-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10205-1/ <p>Performs HTTPS configuration analysis including certificate details and supported cipher suites.</p> /docs/alerts/10047/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10047/ <p>Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).</p> /docs/alerts/10205-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10205-2/ <p>The HTTPS configuration has one or more security issues identified by the TLS risk assessment.</p> /docs/alerts/100007/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100007/ <p>A Base64-encoded string has been found in the HTTP response body. Base64-encoded data may contain sensitive information such as usernames, passwords or cookies which should be further inspected.</p> /docs/alerts/100008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100008/ <p>A credit card number was found in the HTTP response body.</p> /docs/alerts/100009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100009/ <p>An email address was found in the HTTP response body. Exposure of email addresses in HTTP messages can lead to privacy violations and targeted phishing attacks.</p> /docs/alerts/100006/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100006/ <p>The F5 BIG-IP Persistence cookie set for this website can be decoded to a specific IP and port. An attacker may leverage this information to conduct Social Engineering attacks or other exploits.</p> /docs/alerts/10040/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10040/ <p>The page includes mixed content, that is content accessed via HTTP instead of HTTPS.</p>