diff --git a/angularjs-library-with-known-vulnerabilities.md b/angularjs-library-with-known-vulnerabilities.md index 3c8b82d..cdc9d5a 100644 --- a/angularjs-library-with-known-vulnerabilities.md +++ b/angularjs-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/backbone-library-with-known-vulnerabilities.md b/backbone-library-with-known-vulnerabilities.md index 6dcf5f1..55c397c 100644 --- a/backbone-library-with-known-vulnerabilities.md +++ b/backbone-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/bootstrap-library-with-known-vulnerabilities.md b/bootstrap-library-with-known-vulnerabilities.md index fdad18a..7d46afa 100644 --- a/bootstrap-library-with-known-vulnerabilities.md +++ b/bootstrap-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/browser-content-sniffing-allowed.md b/browser-content-sniffing-allowed.md index 89449ac..f790e6e 100644 --- a/browser-content-sniffing-allowed.md +++ b/browser-content-sniffing-allowed.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N # CWE ID -CWE-16 +CWE-693 # CWE NAME -Configuration +Protection Mechanism Failure # Affected Compliance 
@@ -29,18 +29,18 @@ OWASP Top 10: A6 # Description -The application allows browsers to try to mime-sniff the content-type of the responses. This means the browser may try to guess the content-type by looking at the response content, and render it in way it was not intended to. This behavior may lead to the execution of malicious code, for instance, to explore an XSS vulnerability. - -Applications should disable this behavior, forcing browsers to honor the content-type specified in the response. Without a specific content-type set browsers will default to render the content as text, turning XSS payloads innocuous. - +The application allows browsers to try to mime-sniff the content-type of the responses. This means the browser may try to guess the content-type by looking at the response content, and render it in way it was not intended to. This behavior may lead to the execution of malicious code, for instance, to explore an XSS vulnerability. + +Applications should disable this behavior, forcing browsers to honor the content-type specified in the response. Without a specific content-type set browsers will default to render the content as text, turning XSS payloads innocuous. + Disabling mime-sniffing should be seen as an extra layer of defense against XSS, and not as replacement of the recommended XSS prevention techniques. # Generic How-to fix -This problem can be fixed by sending the header **X-Content-Type-Options** with value **nosniff**, to force browsers to disable the content-type guessing (the sniffing). - -The header should look this: - - X-Content-Type-Options: nosniff - +This problem can be fixed by sending the header **X-Content-Type-Options** with value **nosniff**, to force browsers to disable the content-type guessing (the sniffing). + +The header should look this: + + X-Content-Type-Options: nosniff + It is normally easy to enable the header in the web server configuration file, but it can also be done at application level. 
diff --git a/browser-xss-protection-disabled.md b/browser-xss-protection-disabled.md index 3026ed5..8a14fb4 100644 --- a/browser-xss-protection-disabled.md +++ b/browser-xss-protection-disabled.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N # CWE ID -CWE-16 +CWE-693 # CWE NAME -Configuration +Protection Mechanism Failure # Affected Compliance 
@@ -29,22 +29,22 @@ OWASP Top 10: A6 # Description -The application explicitly disables the browser Cross-Site Scripting (XSS) filter functionality, thus reducing the level of protection browsers provide to users. -The XSS filter detects and blocks the execution of malicious code that may be present in an URL, reducing the chances of an attacker being able to explore a XSS vulnerability in the application. - +The application explicitly disables the browser Cross-Site Scripting (XSS) filter functionality, thus reducing the level of protection browsers provide to users. +The XSS filter detects and blocks the execution of malicious code that may be present in an URL, reducing the chances of an attacker being able to explore a XSS vulnerability in the application. + This filter should be seen as an extra layer of defense against XSS, and not as replacement of the recommended XSS prevention techniques. # Generic How-to fix -This problem is caused because the application sends the header **X-XSS-Protection** with value **0**, so can either stop sending the header or changing it to **1**. - -By default, browsers have the XSS protection enabled, therefore not sending the header at all will keep the XSS filter enabled. -Sending the header with **1** will enable the protection, if not already. The header will look like this: - - X-XSS-Protection: 1 - -Additionally there is one optional directive for this header: **mode=block**. - - X-XSS-Protection: 1; mode=block - +This problem is caused because the application sends the header **X-XSS-Protection** with value **0**, so can either stop sending the header or changing it to **1**. + +By default, browsers have the XSS protection enabled, therefore not sending the header at all will keep the XSS filter enabled. +Sending the header with **1** will enable the protection, if not already. The header will look like this: + + X-XSS-Protection: 1 + +Additionally there is one optional directive for this header: **mode=block**. 
+ + X-XSS-Protection: 1; mode=block + This directive instructs the browser to stop rendering the page if a malicious payload is detected in URL, instead of sanitizing the URL by removing the malicious parts, which is the default behavior. Blocking rendering is safer, since it prevents side effects caused by sanitization. diff --git a/certificate-with-insufficient-key-size-or-usage,-or-insecure-signature-algorithm.md b/certificate-with-insufficient-key-size-or-usage,-or-insecure-signature-algorithm.md index 435f537..b0875bd 100644 --- a/certificate-with-insufficient-key-size-or-usage,-or-insecure-signature-algorithm.md +++ b/certificate-with-insufficient-key-size-or-usage,-or-insecure-signature-algorithm.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-310 +CWE-326 # CWE NAME -Cryptographic Issues +Inadequate Encryption Strength # Affected Compliance 
@@ -31,20 +31,20 @@ PCI-DSS: 4.1, 6.5.4 # Description -We identified one or more issues with your X509 server certificate, which are detailed further below. - -This finding usually means that the certificate was emitted with insecure attributes. Common examples include: - - * Using 1024-bit RSA keys; - * Using the MD5 hashing algorithm for digital signatures; +We identified one or more issues with your X509 server certificate, which are detailed further below. + +This finding usually means that the certificate was emitted with insecure attributes. Common examples include: + + * Using 1024-bit RSA keys; + * Using the MD5 hashing algorithm for digital signatures; * Having an invalid `keyUsage` attribute. For example, using a certificate whose purpose does not allow it to be used for Digital Signature or Key Agreement. # Generic How-to fix -Please replace your X509 certificate as soon as possible. Use a certificate from a Certification Authority trusted by modern browsers, which should guarantee it fulfills all security requirements. If you are unsure about choosing a Certificate Authority, we recommend [Let's Encrypt](https://letsencrypt.org/). Let's Encrypt provides modern X509 certificates at no cost. - -If you are using an internal Certificate Authority, or are using self-signed certificates, please ensure that the following requirements are met: - - * Use RSA certificates with, at least, 2048-bit key size, or EC certificates with, at least, 256-bit key size; - * Ensure that a strong hash function is used in the certificate digital signature, such as SHA-256; +Please replace your X509 certificate as soon as possible. Use a certificate from a Certification Authority trusted by modern browsers, which should guarantee it fulfills all security requirements. If you are unsure about choosing a Certificate Authority, we recommend [Let's Encrypt](https://letsencrypt.org/). Let's Encrypt provides modern X509 certificates at no cost. 
+ +If you are using an internal Certificate Authority, or are using self-signed certificates, please ensure that the following requirements are met: + + * Use RSA certificates with, at least, 2048-bit key size, or EC certificates with, at least, 256-bit key size; + * Ensure that a strong hash function is used in the certificate digital signature, such as SHA-256; * Ensure that the `keyUsage` attribute has the required flags: Digital Signature and Key Agreement. diff --git a/certificate-without-revocation-information.md b/certificate-without-revocation-information.md index 448d150..bac036c 100644 --- a/certificate-without-revocation-information.md +++ b/certificate-without-revocation-information.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N # CWE ID -CWE-16 +CWE-299 # CWE NAME -Configuration +Improper Check for Certificate Revocation # Affected Compliance 
@@ -31,13 +31,13 @@ PCI-DSS: 4.1, 6.5.4 # Description -A certificate without revocation information cannot be revoked by its owner in case its private key is compromised. Browsers consult the Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP) endpoints that should be present in the certificate, in order to validate it. -This means that browsers will not warn the user if they visit a site that is using a malicious certificate, for instance in a Man-in-the-Middle attack. +A certificate without revocation information cannot be revoked by its owner in case its private key is compromised. Browsers consult the Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP) endpoints that should be present in the certificate, in order to validate it. +This means that browsers will not warn the user if they visit a site that is using a malicious certificate, for instance in a Man-in-the-Middle attack. For an attacker to take advantage of this vulnerability it must first obtain the private key and be able to monitor the victim traffic, something that is normally hard to achieve. # Generic How-to fix -This vulnerability can be fixed by including a CRL or OSCP endpoint in specific attributes of the Certificate. Certificates generated by a public Certification Authority (CA) normally don't have this problem and when they do, it can be fixed by asking them to include the CRL and/or OCSP endpoint. - -For certificates obtained from other sources, such as self-signed or generated by an internal CA, you must configure the software that generates the certificates to include that information. +This vulnerability can be fixed by including a CRL or OSCP endpoint in specific attributes of the Certificate. Certificates generated by a public Certification Authority (CA) normally don't have this problem and when they do, it can be fixed by asking them to include the CRL and/or OCSP endpoint. 
+ +For certificates obtained from other sources, such as self-signed or generated by an internal CA, you must configure the software that generates the certificates to include that information. Self-signed certificates normally don't have revocation information, especially if they are only used for testing purposes. diff --git a/ckeditor-library-with-known-vulnerabilities.md b/ckeditor-library-with-known-vulnerabilities.md index b590512..0bb901b 100644 --- a/ckeditor-library-with-known-vulnerabilities.md +++ b/ckeditor-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/cookie-without-httponly-flag.md b/cookie-without-httponly-flag.md index 2ace256..3afd52d 100644 --- a/cookie-without-httponly-flag.md +++ b/cookie-without-httponly-flag.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N # CWE ID -CWE-16 +CWE-1004 # CWE NAME -Configuration +Sensitive Cookie Without 'HttpOnly' Flag # Affected Compliance 
@@ -31,14 +31,14 @@ PCI-DSS: 6.5.10 # Description -Not having the HttpOnly flag means that the cookie can be accessed by client side scripts, such as JavaScript. This vulnerability by itself is not useful to an attacker since he has no control over client side scripts. However, if a Cross Site Scripting (XSS) vulnerability is present, he might be able to introduce a malicious script in the application, and without the HttpOnly flag, he could read the vulnerable cookie's value. - -The most interesting cookie for an attacker is usually the session cookie as it allows him to steal the user's session. Other cookies might be interesting also, depending on the application and the cookie's purposes, so a good rule-of-thumb is to set HttpOnly flag to all cookies. - +Not having the HttpOnly flag means that the cookie can be accessed by client side scripts, such as JavaScript. This vulnerability by itself is not useful to an attacker since he has no control over client side scripts. However, if a Cross Site Scripting (XSS) vulnerability is present, he might be able to introduce a malicious script in the application, and without the HttpOnly flag, he could read the vulnerable cookie's value. + +The most interesting cookie for an attacker is usually the session cookie as it allows him to steal the user's session. Other cookies might be interesting also, depending on the application and the cookie's purposes, so a good rule-of-thumb is to set HttpOnly flag to all cookies. + Mitigating this kind of vulnerability greatly reduces the impact of other possible vulnerabilities, such as XSS, which are very common in most sites. # Generic How-to fix -To fix a vulnerability of this type, you just need to set the HttpOnly flag on the vulnerable cookie, effectively preventing it from being read by client side scripts. - +To fix a vulnerability of this type, you just need to set the HttpOnly flag on the vulnerable cookie, effectively preventing it from being read by client side scripts. 
+ Depending on the language and technologies you are using, setting the HttpOnly flag could mean to enable it or setting it to true, either on the code of the application itself or in a configuration file of the webserver or Content Management System (CMS) you are using. diff --git a/dojo-library-with-known-vulnerabilities.md b/dojo-library-with-known-vulnerabilities.md index 0fdce60..860da3b 100644 --- a/dojo-library-with-known-vulnerabilities.md +++ b/dojo-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/dompurify-library-with-known-vulnerabilities.md b/dompurify-library-with-known-vulnerabilities.md index f439986..384c88b 100644 --- a/dompurify-library-with-known-vulnerabilities.md +++ b/dompurify-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/dwr-library-with-known-vulnerabilities.md b/dwr-library-with-known-vulnerabilities.md index 8b98b56..292fb58 100644 --- a/dwr-library-with-known-vulnerabilities.md +++ b/dwr-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/easyxdm-library-with-known-vulnerabilities.md b/easyxdm-library-with-known-vulnerabilities.md index 014c98c..c265741 100644 --- a/easyxdm-library-with-known-vulnerabilities.md +++ b/easyxdm-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/ember-library-with-known-vulnerabilities.md b/ember-library-with-known-vulnerabilities.md index 4a18eef..45f35ec 100644 --- a/ember-library-with-known-vulnerabilities.md +++ b/ember-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME 
diff --git a/flowplayer-library-with-known-vulnerabilities.md b/flowplayer-library-with-known-vulnerabilities.md index d8bf6a9..ac9561d 100644 --- a/flowplayer-library-with-known-vulnerabilities.md +++ b/flowplayer-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/handlebars-library-with-known-vulnerabilities.md b/handlebars-library-with-known-vulnerabilities.md index df6438a..881bb15 100644 --- a/handlebars-library-with-known-vulnerabilities.md +++ b/handlebars-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/http-trace-method-enabled.md b/http-trace-method-enabled.md index b84627a..89268c2 100644 --- a/http-trace-method-enabled.md +++ b/http-trace-method-enabled.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N # CWE ID -CWE-16 +CWE-693 # CWE NAME -Configuration +Protection Mechanism Failure # Affected Compliance 
@@ -29,17 +29,17 @@ OWASP Top 10: A6 # Description -The HTTP TRACE method is used for debugging purposes and therefore should not be enabled. This method causes the web server to include a copy of the received request in the response, so one can see exactly what was received by the server. - +The HTTP TRACE method is used for debugging purposes and therefore should not be enabled. This method causes the web server to include a copy of the received request in the response, so one can see exactly what was received by the server. + The request that reaches the server might contain more information than the one sent by the client. Sensitive information, such as HTTP headers with internal IP or authentication tokens, credentials, etc, could have been added by reverse proxies, something that was otherwise invisible to the client. This information can then be used to improve the successful exploitation of other vulnerabilities. # Generic How-to fix -The HTTP Trace method is a setting configurable at the web server level, thus you can disable it in its configuration file, either globally or per virtual host. - -How to disable it is specific to the web server that you are using, and independent of the language of your application. - -For instance, in an Apache server you disable it in the virtual host configuration file, with: -``` - TraceEnable Off +The HTTP Trace method is a setting configurable at the web server level, thus you can disable it in its configuration file, either globally or per virtual host. + +How to disable it is specific to the web server that you are using, and independent of the language of your application. + +For instance, in an Apache server you disable it in the virtual host configuration file, with: +``` + TraceEnable Off ``` diff --git a/joomla!-version-with-known-vulnerabilities.md b/joomla!-version-with-known-vulnerabilities.md index ce641f2..188b800 100644 --- a/joomla!-version-with-known-vulnerabilities.md 
+++ b/joomla!-version-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/jplayer-library-with-known-vulnerabilities.md b/jplayer-library-with-known-vulnerabilities.md index 3192c20..c62cf30 100644 --- a/jplayer-library-with-known-vulnerabilities.md +++ b/jplayer-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/jquery-library-with-known-vulnerabilities.md b/jquery-library-with-known-vulnerabilities.md index c613658..15f2325 100644 --- a/jquery-library-with-known-vulnerabilities.md +++ b/jquery-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/jquery-migrate-library-with-known-vulnerabilities.md b/jquery-migrate-library-with-known-vulnerabilities.md index f4ea305..21b2e61 100644 --- a/jquery-migrate-library-with-known-vulnerabilities.md +++ b/jquery-migrate-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/jquery-mobile-library-with-known-vulnerabilities.md b/jquery-mobile-library-with-known-vulnerabilities.md index 86603f6..9cadcb5 100644 --- a/jquery-mobile-library-with-known-vulnerabilities.md +++ b/jquery-mobile-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/jquery-ui-library-with-known-vulnerabilities.md b/jquery-ui-library-with-known-vulnerabilities.md index d1418aa..f179c27 100644 --- a/jquery-ui-library-with-known-vulnerabilities.md +++ b/jquery-ui-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME 
diff --git a/moment.js-library-with-known-vulnerabilities.md b/moment.js-library-with-known-vulnerabilities.md index 201ee87..839a938 100644 --- a/moment.js-library-with-known-vulnerabilities.md +++ b/moment.js-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/mustache-library-with-known-vulnerabilities.md b/mustache-library-with-known-vulnerabilities.md index b51a230..b23473f 100644 --- a/mustache-library-with-known-vulnerabilities.md +++ b/mustache-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/plupload-library-with-known-vulnerabilities.md b/plupload-library-with-known-vulnerabilities.md index 4b4cccb..1422b3f 100644 --- a/plupload-library-with-known-vulnerabilities.md +++ b/plupload-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/potential-dos-on-tls-client-renegotiation.md b/potential-dos-on-tls-client-renegotiation.md index 1bfbe45..c07ec8c 100644 --- a/potential-dos-on-tls-client-renegotiation.md +++ b/potential-dos-on-tls-client-renegotiation.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L # CWE ID -CWE-264 +CWE-400 # CWE NAME -Permissions, Privileges, and Access Controls +Uncontrolled Resource Consumption # Affected Compliance 
@@ -31,10 +31,10 @@ PCI-DSS: 4.1, 6.5.4 # Description -The server does not appear to limit the number of client-initiated renegotiation handshakes. Typically, when a client starts a new TLS connection, the server will expend more CPU resources than the client. The client may exploit this resource usage asymmetry to launch a DoS attack over a single TCP connection. - -After connecting, the client may request a large number of renegotiation attempts until the server runs out of CPU. Since a malicious client may launch the attack over a single TCP connection, it could evade rate-limiting rules that may already be in-place by firewalls (e.g., maximum connections per second). - +The server does not appear to limit the number of client-initiated renegotiation handshakes. Typically, when a client starts a new TLS connection, the server will expend more CPU resources than the client. The client may exploit this resource usage asymmetry to launch a DoS attack over a single TCP connection. + +After connecting, the client may request a large number of renegotiation attempts until the server runs out of CPU. Since a malicious client may launch the attack over a single TCP connection, it could evade rate-limiting rules that may already be in-place by firewalls (e.g., maximum connections per second). + The CVE for this type of vulnerability is CVE-2011-1473. # Generic How-to fix diff --git a/prototype-library-with-known-vulnerabilities.md b/prototype-library-with-known-vulnerabilities.md index 327d65b..c755b4a 100644 --- a/prototype-library-with-known-vulnerabilities.md +++ b/prototype-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/react-library-with-known-vulnerabilities.md b/react-library-with-known-vulnerabilities.md index a81a5e7..510038a 100644 --- a/react-library-with-known-vulnerabilities.md +++ b/react-library-with-known-vulnerabilities.md 
@@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/secure-renegotiation-is-not-supported.md b/secure-renegotiation-is-not-supported.md index 67df46c..34a9125 100644 --- a/secure-renegotiation-is-not-supported.md +++ b/secure-renegotiation-is-not-supported.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N # CWE ID -CWE-264 +CWE-757 # CWE NAME -Permissions, Privileges, and Access Controls +Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') # Affected Compliance @@ -31,10 +31,10 @@ PCI-DSS: 4.1, 6.5.4 # Description -This SSL/TLS implementation does not appear to handle renegotiation handshakes properly. This may allow an attacker to insert malicious data into the HTTPS connection. A malicious renegotiation allows clients and servers to modify the encryption parameters of an existing connection, for instance to require a weaker authentication mechanism. - -To successfully exploit this vulnerability, the attacker must be able to perform a man-in-the-middle attack, which typically means the attacker is physically close to either the target server or the target victim. This situation is more likely to occur in wireless connections. - +This SSL/TLS implementation does not appear to handle renegotiation handshakes properly. This may allow an attacker to insert malicious data into the HTTPS connection. A malicious renegotiation allows clients and servers to modify the encryption parameters of an existing connection, for instance to require a weaker authentication mechanism. + +To successfully exploit this vulnerability, the attacker must be able to perform a man-in-the-middle attack, which typically means the attacker is physically close to either the target server or the target victim. This situation is more likely to occur in wireless connections. + The CVE for this type of vulnerability is CVE-2009-3555. # Generic How-to fix 
diff --git a/sessvars-library-with-known-vulnerabilities.md b/sessvars-library-with-known-vulnerabilities.md index 5371ada..6b15f55 100644 --- a/sessvars-library-with-known-vulnerabilities.md +++ b/sessvars-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/swfobject-library-with-known-vulnerabilities.md b/swfobject-library-with-known-vulnerabilities.md index 739c418..5087070 100644 --- a/swfobject-library-with-known-vulnerabilities.md +++ b/swfobject-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/tinymce-library-with-known-vulnerabilities.md b/tinymce-library-with-known-vulnerabilities.md index f69555d..0b12782 100644 --- a/tinymce-library-with-known-vulnerabilities.md +++ b/tinymce-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/untrusted-tls-certificate.md b/untrusted-tls-certificate.md index bd1becf..0a213c9 100644 --- a/untrusted-tls-certificate.md +++ b/untrusted-tls-certificate.md @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L # CWE ID -CWE-16 +CWE-295 # CWE NAME -Configuration +Improper Certificate Validation # Affected Compliance 
@@ -31,13 +31,13 @@ PCI-DSS: 4.1, 6.5.4 # Description -The certificate sent by the server is not trusted. - -This may be due to one of the following reasons: - * The requested hostname does not match the CN or SAN attribute of the TLS Certificate; - * The issuer of this certificate is not trusted. This can happen if the certificate is self-signed, or the certificate issuer is not a recognized Certificate Authority; - * The server did not send the complete certificate chain. This usually means that the server did not send a required intermediate CA certificate. - +The certificate sent by the server is not trusted. + +This may be due to one of the following reasons: + * The requested hostname does not match the CN or SAN attribute of the TLS Certificate; + * The issuer of this certificate is not trusted. This can happen if the certificate is self-signed, or the certificate issuer is not a recognized Certificate Authority; + * The server did not send the complete certificate chain. This usually means that the server did not send a required intermediate CA certificate. + If this problem is intermittent, it might be because your site is behind a load balancer, and one of the servers is misconfigured or is sending an incorrect certificate. # Generic How-to fix diff --git a/wordpress-plugin-with-known-vulnerabilities.md b/wordpress-plugin-with-known-vulnerabilities.md index 5cf0491..70f2145 100644 --- a/wordpress-plugin-with-known-vulnerabilities.md +++ b/wordpress-plugin-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME diff --git a/wordpress-version-with-known-vulnerabilities.md b/wordpress-version-with-known-vulnerabilities.md index 03b4a12..1f54e72 100644 --- a/wordpress-version-with-known-vulnerabilities.md +++ b/wordpress-version-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME 
diff --git a/yui-library-with-known-vulnerabilities.md b/yui-library-with-known-vulnerabilities.md index 6f01e8c..9b71575 100644 --- a/yui-library-with-known-vulnerabilities.md +++ b/yui-library-with-known-vulnerabilities.md @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N # CWE ID -CWE-1035 +CWE-1395 # CWE NAME
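Review bot: the `# CWE NAME` line is not updated in any of the `*-library-with-known-vulnerabilities.md`, `joomla!-version-with-known-vulnerabilities.md` and `wordpress-*-with-known-vulnerabilities.md` hunks, whose `@@ -17,7 +17,7 @@` ranges stop at the `# CWE NAME` heading, whereas every other file in this patch changes the ID and the name together (for example `-CWE-16` / `+CWE-693` paired with `-Configuration` / `+Protection Mechanism Failure`). CWE-1035 is the OWASP Top Ten 2017 category "Using Components with Known Vulnerabilities" and CWE-1395 is the weakness "Dependency on Vulnerable Third-Party Component"; if the name line in these files still carries the old category text, the ID/name pair is now inconsistent. Please either extend these hunks to update the name line or confirm it was already changed elsewhere.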
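Review bot: in the `browser-content-sniffing-allowed.md` description and fix hunk the removed and re-added lines read identically, so the change appears to be whitespace or line-ending normalization; since those lines are being rewritten anyway, fix the wording in the same pass: `render it in way it was not intended to` should read `render it in a way it was not intended to`, `to explore an XSS vulnerability` should read `to exploit an XSS vulnerability`, and `The header should look this:` should read `The header should look like this:`. The same whitespace-only pattern recurs in the other description hunks of this patch; a one-line mention in the commit message (or a separate whitespace commit) would make the substantive CWE remapping easier to review.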
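Review bot: the `browser-xss-protection-disabled.md` fix text `so can either stop sending the header or changing it to **1**` is missing its subject and mixes verb forms; suggest `so you can either stop sending the header or change it to **1**`. In the same hunk, `present in an URL` should be `present in a URL`, `explore a XSS vulnerability` should be `exploit an XSS vulnerability`, and `detected in URL` should be `detected in the URL`. All of these lines are re-added by the hunk, so the corrections belong in this change.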
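Review bot: the new `CWE-326` / `Inadequate Encryption Strength` pair in `certificate-with-insufficient-key-size-or-usage,-or-insecure-signature-algorithm.md` covers only the first of the three conditions the description lists; `Using the MD5 hashing algorithm for digital signatures` is a broken-algorithm problem (CWE-327, Use of a Broken or Risky Cryptographic Algorithm, is the closer match) and the `keyUsage` item is not an encryption-strength issue at all. Since the file format carries a single CWE, record in the commit message why 326 was chosen over 327, or split the finding. Separately, the description says the certificate's purpose `does not allow it to be used for Digital Signature or Key Agreement` while the fix requires `the required flags: Digital Signature and Key Agreement`; the `or` and the `and` should agree.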
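Review bot: `including a CRL or OSCP endpoint` in the `certificate-without-revocation-information.md` fix hunk misspells OCSP (it is spelled correctly a few lines earlier as `Online Certificate Status Protocol (OCSP)` and again later in the same sentence as `the CRL and/or OCSP endpoint`); the line is already being rewritten by this hunk, so correct it here.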
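Review bot: the mapping to `CWE-757` / `Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')` in `secure-renegotiation-is-not-supported.md` does not match the impact the description leads with, which is that an attacker `may ... insert malicious data into the HTTPS connection` from a man-in-the-middle position; a downgrade is mentioned only as one example (`for instance to require a weaker authentication mechanism`). Consider whether a weakness about an attacker positioned in the channel (CWE-300, Channel Accessible by Non-Endpoint) fits CVE-2009-3555 better, or document the reasoning for 757 in the commit message.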
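Review bot: `http-trace-method-enabled.md` is inconsistent in naming the method: the description writes `HTTP TRACE method` and the fix writes `HTTP Trace method`; since the fix line is re-added in this hunk, align it to `TRACE`. As a style point, the description sentence `Sensitive information, such as HTTP headers with internal IP or authentication tokens, credentials, etc, could have been added by reverse proxies, something that was otherwise invisible to the client` reads better as `Sensitive information that was otherwise invisible to the client, such as headers carrying internal IP addresses, authentication tokens or credentials, may have been added by reverse proxies`.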
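Review bot: in the `cookie-without-httponly-flag.md` description hunk, `a good rule-of-thumb is to set HttpOnly flag to all cookies` should read `a good rule of thumb is to set the HttpOnly flag on all cookies`; that line is re-added by the hunk, so the fix fits in this change. The trailing context line `setting the HttpOnly flag could mean to enable it or setting it to true` mixes verb forms and would read better as `setting the HttpOnly flag may mean enabling it or setting it to true`, if the hunk is extended.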