2 changes: 1 addition & 1 deletion angularjs-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

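Review bot: the CWE NAME section immediately below the changed ID falls outside the shown context, so this hunk does not let a reviewer confirm that the name line was updated to match CWE-1395; please widen the hunk or include that line, the way the browser-* and cookie-* files in this PR change ID and name together. Moving away from CWE-1035, which is an OWASP Top 10 2017 category entry rather than a weakness, to a weakness ID is the right direction. The same comment applies to every other *-library-with-known-vulnerabilities.md hunk and to joomla!-version-with-known-vulnerabilities.md.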
2 changes: 1 addition & 1 deletion backbone-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion bootstrap-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

24 changes: 12 additions & 12 deletions browser-content-sniffing-allowed.md
Expand Up @@ -17,30 +17,30 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

# CWE ID

CWE-16
CWE-693

# CWE NAME

Configuration
Protection Mechanism Failure

# Affected Compliance

OWASP Top 10: A6

# Description

The application allows browsers to try to mime-sniff the content-type of the responses. This means the browser may try to guess the content-type by looking at the response content, and render it in way it was not intended to. This behavior may lead to the execution of malicious code, for instance, to explore an XSS vulnerability.
Applications should disable this behavior, forcing browsers to honor the content-type specified in the response. Without a specific content-type set browsers will default to render the content as text, turning XSS payloads innocuous.
The application allows browsers to try to mime-sniff the content-type of the responses. This means the browser may try to guess the content-type by looking at the response content, and render it in way it was not intended to. This behavior may lead to the execution of malicious code, for instance, to explore an XSS vulnerability.

Applications should disable this behavior, forcing browsers to honor the content-type specified in the response. Without a specific content-type set browsers will default to render the content as text, turning XSS payloads innocuous.

Disabling mime-sniffing should be seen as an extra layer of defense against XSS, and not as replacement of the recommended XSS prevention techniques.

# Generic How-to fix

This problem can be fixed by sending the header **X-Content-Type-Options** with value **nosniff**, to force browsers to disable the content-type guessing (the sniffing).
The header should look this:
X-Content-Type-Options: nosniff
This problem can be fixed by sending the header **X-Content-Type-Options** with value **nosniff**, to force browsers to disable the content-type guessing (the sniffing).

The header should look this:

X-Content-Type-Options: nosniff

It is normally easy to enable the header in the web server configuration file, but it can also be done at application level.
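Review bot: the Description sentence "Without a specific content-type set browsers will default to render the content as text, turning XSS payloads innocuous" overstates what the header does; `nosniff` stops the browser from guessing a type and, for script and stylesheet loads, makes it refuse responses whose declared type does not match, so the guidance should be that every response must carry a correct, explicit Content-Type alongside the header. Wording nits in the same lines: "render it in way it was not intended to" (missing "a"), "to explore an XSS vulnerability" ("exploit"), and "The header should look this:" ("look like this"). For consistency with the Apache snippet in http-trace-method-enabled.md, put `X-Content-Type-Options: nosniff` in a code fence. CWE-693 is a better fit than the CWE-16 configuration category.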
32 changes: 16 additions & 16 deletions browser-xss-protection-disabled.md
Expand Up @@ -17,34 +17,34 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

# CWE ID

CWE-16
CWE-693

# CWE NAME

Configuration
Protection Mechanism Failure

# Affected Compliance

OWASP Top 10: A6

# Description

The application explicitly disables the browser Cross-Site Scripting (XSS) filter functionality, thus reducing the level of protection browsers provide to users.
The XSS filter detects and blocks the execution of malicious code that may be present in an URL, reducing the chances of an attacker being able to explore a XSS vulnerability in the application.
The application explicitly disables the browser Cross-Site Scripting (XSS) filter functionality, thus reducing the level of protection browsers provide to users.
The XSS filter detects and blocks the execution of malicious code that may be present in an URL, reducing the chances of an attacker being able to explore a XSS vulnerability in the application.

This filter should be seen as an extra layer of defense against XSS, and not as replacement of the recommended XSS prevention techniques.

# Generic How-to fix

This problem is caused because the application sends the header **X-XSS-Protection** with value **0**, so can either stop sending the header or changing it to **1**.
By default, browsers have the XSS protection enabled, therefore not sending the header at all will keep the XSS filter enabled.
Sending the header with **1** will enable the protection, if not already. The header will look like this:
X-XSS-Protection: 1
Additionally there is one optional directive for this header: **mode=block**.
X-XSS-Protection: 1; mode=block
This problem is caused because the application sends the header **X-XSS-Protection** with value **0**, so can either stop sending the header or changing it to **1**.

By default, browsers have the XSS protection enabled, therefore not sending the header at all will keep the XSS filter enabled.
Sending the header with **1** will enable the protection, if not already. The header will look like this:

X-XSS-Protection: 1

Additionally there is one optional directive for this header: **mode=block**.

X-XSS-Protection: 1; mode=block

This directive instructs the browser to stop rendering the page if a malicious payload is detected in URL, instead of sanitizing the URL by removing the malicious parts, which is the default behavior. Blocking rendering is safer, since it prevents side effects caused by sanitization.
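Review bot: the How-to fix still tells readers to send `X-XSS-Protection: 1; mode=block`, but the XSS Auditor this header controlled has been removed from Chromium-based browsers and was never implemented in Firefox, and current OWASP guidance is to set `X-XSS-Protection: 0` because the filter can introduce client-side issues of its own; since this PR already touches the file's classification, the Description and fix should say the header is legacy and point to a Content-Security-Policy as the browser-side control. Grammar in the same lines: "so can either stop sending the header or changing it to 1" lacks its subject and mixes verb forms ("you can either stop sending the header or change it to 1"); "present in an URL" ("a URL"); "detected in URL" ("in the URL"); "explore a XSS vulnerability" ("exploit an XSS vulnerability").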
Expand Up @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-310
CWE-326

# CWE NAME

Cryptographic Issues
Inadequate Encryption Strength

# Affected Compliance

Expand All @@ -31,20 +31,20 @@ PCI-DSS: 4.1, 6.5.4

# Description

We identified one or more issues with your X509 server certificate, which are detailed further below.
This finding usually means that the certificate was emitted with insecure attributes. Common examples include:
* Using 1024-bit RSA keys;
* Using the MD5 hashing algorithm for digital signatures;
We identified one or more issues with your X509 server certificate, which are detailed further below.

This finding usually means that the certificate was emitted with insecure attributes. Common examples include:

* Using 1024-bit RSA keys;
* Using the MD5 hashing algorithm for digital signatures;
* Having an invalid `keyUsage` attribute. For example, using a certificate whose purpose does not allow it to be used for Digital Signature or Key Agreement.

# Generic How-to fix

Please replace your X509 certificate as soon as possible. Use a certificate from a Certification Authority trusted by modern browsers, which should guarantee it fulfills all security requirements. If you are unsure about choosing a Certificate Authority, we recommend [Let's Encrypt](https://letsencrypt.org/). Let's Encrypt provides modern X509 certificates at no cost.
If you are using an internal Certificate Authority, or are using self-signed certificates, please ensure that the following requirements are met:
* Use RSA certificates with, at least, 2048-bit key size, or EC certificates with, at least, 256-bit key size;
* Ensure that a strong hash function is used in the certificate digital signature, such as SHA-256;
Please replace your X509 certificate as soon as possible. Use a certificate from a Certification Authority trusted by modern browsers, which should guarantee it fulfills all security requirements. If you are unsure about choosing a Certificate Authority, we recommend [Let's Encrypt](https://letsencrypt.org/). Let's Encrypt provides modern X509 certificates at no cost.

If you are using an internal Certificate Authority, or are using self-signed certificates, please ensure that the following requirements are met:

* Use RSA certificates with, at least, 2048-bit key size, or EC certificates with, at least, 256-bit key size;
* Ensure that a strong hash function is used in the certificate digital signature, such as SHA-256;
* Ensure that the `keyUsage` attribute has the required flags: Digital Signature and Key Agreement.
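Review bot: the last bullet of the How-to fix, "Ensure that the keyUsage attribute has the required flags: Digital Signature and Key Agreement", is wrong for the RSA certificates recommended two bullets earlier: per RFC 5280, keyAgreement is for DH/ECDH public keys, while an RSA TLS server certificate needs digitalSignature (for ECDHE cipher suites) and keyEncipherment (for RSA key exchange). Suggest "Digital Signature for all keys, plus Key Encipherment for RSA keys", with a note that Key Agreement applies only to DH/ECDH keys, and mirror that in the Description bullet. Also, the new CWE-326 (Inadequate Encryption Strength) covers the key-size and hash bullets but not the keyUsage one; if the finding keeps that bullet, either list a second CWE or split keyUsage into its own finding. Typo: "emitted with insecure attributes" should be "issued".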
14 changes: 7 additions & 7 deletions certificate-without-revocation-information.md
Expand Up @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

# CWE ID

CWE-16
CWE-299

# CWE NAME

Configuration
Improper Check for Certificate Revocation

# Affected Compliance

Expand All @@ -31,13 +31,13 @@ PCI-DSS: 4.1, 6.5.4

# Description

A certificate without revocation information cannot be revoked by its owner in case its private key is compromised. Browsers consult the Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP) endpoints that should be present in the certificate, in order to validate it.
This means that browsers will not warn the user if they visit a site that is using a malicious certificate, for instance in a Man-in-the-Middle attack.
A certificate without revocation information cannot be revoked by its owner in case its private key is compromised. Browsers consult the Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP) endpoints that should be present in the certificate, in order to validate it.
This means that browsers will not warn the user if they visit a site that is using a malicious certificate, for instance in a Man-in-the-Middle attack.
For an attacker to take advantage of this vulnerability it must first obtain the private key and be able to monitor the victim traffic, something that is normally hard to achieve.

# Generic How-to fix

This vulnerability can be fixed by including a CRL or OSCP endpoint in specific attributes of the Certificate. Certificates generated by a public Certification Authority (CA) normally don't have this problem and when they do, it can be fixed by asking them to include the CRL and/or OCSP endpoint.
For certificates obtained from other sources, such as self-signed or generated by an internal CA, you must configure the software that generates the certificates to include that information.
This vulnerability can be fixed by including a CRL or OSCP endpoint in specific attributes of the Certificate. Certificates generated by a public Certification Authority (CA) normally don't have this problem and when they do, it can be fixed by asking them to include the CRL and/or OCSP endpoint.

For certificates obtained from other sources, such as self-signed or generated by an internal CA, you must configure the software that generates the certificates to include that information.
Self-signed certificates normally don't have revocation information, especially if they are only used for testing purposes.
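Review bot: "OSCP" in the first line of the How-to fix should be "OCSP", matching the Description. "specific attributes of the Certificate" could name them: the CRL Distribution Points extension and the Authority Information Access extension carrying the OCSP URL, which is what the check looks for. On the classification, CWE-299 (Improper Check for Certificate Revocation) describes a client that skips revocation checking, whereas this finding is a certificate that carries no revocation pointers; the mapping is approximate, so a sentence in the Description explaining that browsers cannot check because the pointers are absent would make it read consistently. "a site that is using a malicious certificate" would be clearer as "a certificate whose private key has been compromised", which is the scenario the first sentence sets up.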
2 changes: 1 addition & 1 deletion ckeditor-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

16 changes: 8 additions & 8 deletions cookie-without-httponly-flag.md
Expand Up @@ -17,11 +17,11 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

# CWE ID

CWE-16
CWE-1004

# CWE NAME

Configuration
Sensitive Cookie Without 'HttpOnly' Flag

# Affected Compliance

Expand All @@ -31,14 +31,14 @@ PCI-DSS: 6.5.10

# Description

Not having the HttpOnly flag means that the cookie can be accessed by client side scripts, such as JavaScript. This vulnerability by itself is not useful to an attacker since he has no control over client side scripts. However, if a Cross Site Scripting (XSS) vulnerability is present, he might be able to introduce a malicious script in the application, and without the HttpOnly flag, he could read the vulnerable cookie's value.
The most interesting cookie for an attacker is usually the session cookie as it allows him to steal the user's session. Other cookies might be interesting also, depending on the application and the cookie's purposes, so a good rule-of-thumb is to set HttpOnly flag to all cookies.
Not having the HttpOnly flag means that the cookie can be accessed by client side scripts, such as JavaScript. This vulnerability by itself is not useful to an attacker since he has no control over client side scripts. However, if a Cross Site Scripting (XSS) vulnerability is present, he might be able to introduce a malicious script in the application, and without the HttpOnly flag, he could read the vulnerable cookie's value.

The most interesting cookie for an attacker is usually the session cookie as it allows him to steal the user's session. Other cookies might be interesting also, depending on the application and the cookie's purposes, so a good rule-of-thumb is to set HttpOnly flag to all cookies.

Mitigating this kind of vulnerability greatly reduces the impact of other possible vulnerabilities, such as XSS, which are very common in most sites.

# Generic How-to fix

To fix a vulnerability of this type, you just need to set the HttpOnly flag on the vulnerable cookie, effectively preventing it from being read by client side scripts.
To fix a vulnerability of this type, you just need to set the HttpOnly flag on the vulnerable cookie, effectively preventing it from being read by client side scripts.

Depending on the language and technologies you are using, setting the HttpOnly flag could mean to enable it or setting it to true, either on the code of the application itself or in a configuration file of the webserver or Content Management System (CMS) you are using.
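Review bot: the Description uses "he" for the attacker three times ("he has no control", "he might be able", "he could read"); use "they" or repeat "an attacker", as the revocation description in this PR does with "it". The rule of thumb "set HttpOnly flag to all cookies" needs a caveat: cookies that client-side code legitimately reads (for example a CSRF double-submit token or a UI preference) cannot carry the flag, so "all cookies not needed by scripts" is the accurate rule. The How-to fix would benefit from showing the header form, e.g. `Set-Cookie: session=<value>; HttpOnly; Secure`, in the same style as the header examples in the browser-* files.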
2 changes: 1 addition & 1 deletion dojo-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion dompurify-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion dwr-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion easyxdm-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion ember-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion flowplayer-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion handlebars-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

22 changes: 11 additions & 11 deletions http-trace-method-enabled.md
Expand Up @@ -17,29 +17,29 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

# CWE ID

CWE-16
CWE-693

# CWE NAME

Configuration
Protection Mechanism Failure

# Affected Compliance

OWASP Top 10: A6

# Description

The HTTP TRACE method is used for debugging purposes and therefore should not be enabled. This method causes the web server to include a copy of the received request in the response, so one can see exactly what was received by the server.
The HTTP TRACE method is used for debugging purposes and therefore should not be enabled. This method causes the web server to include a copy of the received request in the response, so one can see exactly what was received by the server.

The request that reaches the server might contain more information than the one sent by the client. Sensitive information, such as HTTP headers with internal IP or authentication tokens, credentials, etc, could have been added by reverse proxies, something that was otherwise invisible to the client. This information can then be used to improve the successful exploitation of other vulnerabilities.

# Generic How-to fix

The HTTP Trace method is a setting configurable at the web server level, thus you can disable it in its configuration file, either globally or per virtual host.
How to disable it is specific to the web server that you are using, and independent of the language of your application.
For instance, in an Apache server you disable it in the virtual host configuration file, with:
```
TraceEnable Off
The HTTP Trace method is a setting configurable at the web server level, thus you can disable it in its configuration file, either globally or per virtual host.

How to disable it is specific to the web server that you are using, and independent of the language of your application.

For instance, in an Apache server you disable it in the virtual host configuration file, with:
```
TraceEnable Off
```
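Review bot: the Description sentence "This information can then be used to improve the successful exploitation of other vulnerabilities" is vague and adds nothing to the preceding sentence, which already states the concrete risk (disclosure of headers added by reverse proxies); drop it or fold it into that sentence. Casing: the file mixes "HTTP TRACE" and "HTTP Trace"; use TRACE, the method token. The Apache example is correct (`TraceEnable Off` is valid in server and virtual host context), but readers on other servers get no guidance; worth noting that nginx has no TRACE support and answers 405 by default, and that other servers need their own setting. CWE-693 is a reasonable replacement for the CWE-16 category.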
2 changes: 1 addition & 1 deletion joomla!-version-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion jplayer-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion jquery-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion jquery-migrate-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME

2 changes: 1 addition & 1 deletion jquery-mobile-library-with-known-vulnerabilities.md
Expand Up @@ -17,7 +17,7 @@ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

# CWE ID

CWE-1035
CWE-1395

# CWE NAME
