CWE-497 on ZAP

Hash Disclosure - BCrypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - BCrypt

Hash Disclosure - Kerberos AFS DES

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - Kerberos AFS DES

Hash Disclosure - LanMan

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - LanMan

Hash Disclosure - LanMan / DES

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - LanMan / DES

Hash Disclosure - MD4 / MD5

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - MD4 / MD5

Hash Disclosure - MD5 Crypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - MD5 Crypt

Hash Disclosure - NTLM

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - NTLM

Hash Disclosure - OpenBSD Blowfish

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - OpenBSD Blowfish

Hash Disclosure - Salted SHA-1

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - Salted SHA-1

Hash Disclosure - SHA-1

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-1

Hash Disclosure - SHA-224

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-224

Hash Disclosure - SHA-256

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-256

Hash Disclosure - SHA-256 Crypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-256 Crypt

Hash Disclosure - SHA-384

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-384

Hash Disclosure - SHA-512

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-512

Hash Disclosure - SHA-512 Crypt

Mon, 01 Jan 0001 00:00:00 +0000

A hash was disclosed by the web server. - SHA-512 Crypt

In Page Banner Information Leak

Mon, 01 Jan 0001 00:00:00 +0000

The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.

Private IP Disclosure

Mon, 01 Jan 0001 00:00:00 +0000

A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

Server Leaks its Webserver Application via "Server" HTTP Response Header Field

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is leaking the application it uses as a webserver via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to. This information alone, i.e. without a version string, is not very dangerous for the security of a server, nevertheless this information in the response header field is almost always useless and thus just an obsolete attacking vector.

Server Leaks Version Information via "Server" HTTP Response Header Field

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is leaking version information via the “Server” HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

Timestamp Disclosure - Unix

Mon, 01 Jan 0001 00:00:00 +0000

A timestamp was disclosed by the application/web server. - Unix

X-Backend-Server Header Information Leak

Mon, 01 Jan 0001 00:00:00 +0000

The server is leaking information pertaining to backend systems (such as hostnames or IP addresses). Armed with this information an attacker may be able to attack other systems or more directly/efficiently attack those systems.