ZAP Full Scan Report #9747
Description
-
Site: https://firefox-settings-attachments.cdn.mozilla.net
New Alerts- Strict-Transport-Security Header Not Set [10035] total: 1:
- Timestamp Disclosure - Unix [10096] total: 1:
- X-Content-Type-Options Header Missing [10021] total: 1:
- Base64 Disclosure [10094] total: 1:
- Re-examine Cache-control Directives [10015] total: 1:
- Retrieved from Cache [10050] total: 1:
-
Site: http://localhost:8080
New Alerts- Path Traversal [6] total: 2:
- SQL Injection [40018] total: 12:
- http://localhost:8080/iaf/api/configurations/Frank2Example/adapters/HelloWorlds/flow?0=%27%28
- http://localhost:8080/iaf/api/configurations/Frank2Example/adapters/HelloWorlds/flow?1759804832876=%27%28
- http://localhost:8080/iaf/api/configurations/Frank2Example/adapters/HelloWorlds/flow?1759804873781=%3B
- http://localhost:8080/iaf/api/configurations/Frank2Example/adapters/HelloWorlds/flow?1759804874470=%3B
- http://localhost:8080/iaf/api/configurations/IAF_Util/monitors
- ..
- Vulnerable JS Library [10003] total: 1:
- Absence of Anti-CSRF Tokens [10202] total: 1:
- Application Error Disclosure [90022] total: 1:
- Buffer Overflow [30001] total: 1:
- CSP: Wildcard Directive [10055] total: 1:
- CSP: script-src unsafe-eval [10055] total: 1:
- CSP: style-src unsafe-inline [10055] total: 1:
- Content Security Policy (CSP) Header Not Set [10038] total: 5:
- Insecure HTTP Method - DELETE [90028] total: 4:
- Integer Overflow Error [30003] total: 6:
- http://localhost:8080/iaf/ladybug/api/metadata/FileDebugStorage/?limit=10&metadataNames=storageId&metadataNames=endTime&metadataNames=duration&metadataNames=name&metadataNames=correlationId&metadataNames=status&metadataNames=numberOfCheckpoints&metadataNames=estimatedMemoryUsage&metadataNames=storageSize
- http://localhost:8080/iaf/api/configurations/IAF_Util/monitors
- http://localhost:8080/iaf/api/configurations/IAF_Util/monitors/UXWutktj
- http://localhost:8080/iaf/api/configurations/IAF_Util/monitors/yiKlVEOq
- http://localhost:8080/iaf/api/configurations/IAF_Util/monitors/yiKlVEOq
- ..
- Missing Anti-clickjacking Header [10020] total: 1:
- Cookie without SameSite Attribute [10054] total: 2:
- Dangerous JS Functions [10110] total: 2:
- Information Disclosure - Debug Error Messages [10023] total: 3:
- Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 12:
- http://localhost:8080/iaf/gui/
- http://localhost:8080/iaf/gui/assets/favicon/apple-touch-icon.png?v=2
- http://localhost:8080/iaf/gui/assets/favicon/browserconfig.xml?v=2
- http://localhost:8080/iaf/gui/assets/favicon/favicon-16x16.png?v=2
- http://localhost:8080/iaf/gui/assets/favicon/favicon-32x32.png?v=2
- ..
- Permissions Policy Header Not Set [10063] total: 7:
- Timestamp Disclosure - Unix [10096] total: 6:
- http://localhost:8080/iaf/gui/assets/monaco/vs/base/worker/workerMain.js
- http://localhost:8080/iaf/gui/assets/monaco/vs/base/worker/workerMain.js
- http://localhost:8080/iaf/gui/assets/monaco/vs/base/worker/workerMain.js
- http://localhost:8080/iaf/gui/assets/monaco/vs/editor/editor.main.js
- http://localhost:8080/iaf/gui/assets/monaco/vs/editor/editor.main.js
- ..
- X-Content-Type-Options Header Missing [10021] total: 8:
- Base64 Disclosure [10094] total: 5:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 1:
- Non-Storable Content [10049] total: 11:
- Sec-Fetch-Dest Header is Missing [90005] total: 4:
- Sec-Fetch-Mode Header is Missing [90005] total: 4:
- Sec-Fetch-Site Header is Missing [90005] total: 4:
- Sec-Fetch-User Header is Missing [90005] total: 4:
- Session Management Response Identified [10112] total: 3:
Ignored Alerts
- Source Code Disclosure - Java [10099] total: 1:
- Private IP Disclosure [2] total: 1:
- Base64 Disclosure in WebSocket message [110002] total: 156:
- WSDL File Detection [90030] total: 1:
View the following link to download the report.
RunnerID:18300137262