excal04 / scanviz Goto Github PK
View Code? Open in Web Editor NEWNetwork Scan Visualization - Experimental Application
License: MIT License
scanviz's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Watchers
scanviz's Issues
Scan on 2017-03-15 11:06:53
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
General
Scan on 2017-03-15 11:06:53
-
ID: NOCVE
* Family/Group: SSL and TLS
* Description: SSL/TLS: MissingsecureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
* Port / Type: 443 / tcp
* Severity: medium--- * ID: NOCVE * Family/Group: Web application abuses * Description: Missing `httpOnly` Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. * Port / Type: 443 / tcp * Severity: _medium_ --- * ID: NOCVE * Family/Group: Web application abuses * Description: Missing `httpOnly` Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. * Port / Type: 80 / tcp * Severity: _medium_ --- * ID: NOCVE * Family/Group: General * Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to computethe uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
* Port / Type: None / tcp
* Severity: low---
Standard outputs should not be used directly to log anything
Risk: Medium
Code
https://github.com/excal04/sonar-lang-test/blob/ba68d50e2920e45dce4720d982aa868d0786d4cf/HelloJava/HelloJava.java
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
xss custom 3
Risk: informational
Description
random description. use for delete
References
random references
Implication
random implication
Recommendation
needs to be mapped to a scan definition
Parameters
Account gid: <% account_gid %>
Region: wLykULLgyjoA
Resource type : zmIel
Resources
- {'gid': 'ZIplESirqQzAHtyBnsSHTPKjZEyMTRGo'}
Related Resources
<% related_resources %>
Horangi detected this issue on 2019-03-20 01:00:00.759000
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Standard outputs should not be used directly to log anything
Code
https://github.com/excal04/sonar-lang-test/blob/ba68d50e2920e45dce4720d982aa868d0786d4cf/HelloJava/HelloJava.java
Risk: Medium
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Scan on 2017-03-15 11:06:53
NOCVE (SSL and TLS)
SSL/TLS: Missing secure Cookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
Port: 443 / tcp
Severity: medium
NOCVE (Web application abuses)
Missing httpOnly Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie.
Port: 443 / tcp
Severity: medium
NOCVE (Web application abuses)
Missing httpOnly Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie.
Port: 80 / tcp
Severity: medium
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
Buffer Underflow
Details
- ID: a1f40e323b06d43d7f9fa6d5a2ccdbfc
- Affected Hosts: 129.9.9.1
- First seen: 2014-02-91
Description
Dummy Description
Recommendation:
rm -rf
test1
test
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
NOCVE
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
General
Standard outputs should not be used directly to log anything
- Finding: Standard outputs should not be used directly to log anything
- Code:
https://github.com/excal04/sonar-lang-test/blob/ba68d50e2920e45dce4720d982aa868d0786d4cf/HelloJava/HelloJava.java - Risk: Medium
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Scan on 2017-03-15 11:06:53
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
General
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Standard outputs should not be used directly to log anything
- Finding: Standard outputs should not be used directly to log anything
- Code: ['https://github.com/excal04/sonar-lang-test/blob/ba68d50e2920e45dce4720d982aa868d0786d4cf/HelloJava/HelloJava.java']
- Risk: Medium
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Scan on 2017-03-15 11:06:53
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Fixed
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
NOCVE (SSL and TLS)
SSL/TLS: Missing secure Cookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
Port: 443 / tcp
Severity: medium
NOCVE (Web application abuses)
Missing httpOnly Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie.
Port: 443 / tcp
Severity: medium
NOCVE (Web application abuses)
Missing httpOnly Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie.
Port: 80 / tcp
Severity: medium
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
test title
the quick
brown fox.
Scan on March 15 2017, 11:06 AM UTC
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
NOCVE (SSL and TLS)
SSL/TLS: Missing `secure` Cookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
Port: 443 / tcp
Severity: Severity.medium
---
### NOCVE (Web application abuses)
Missing httpOnly Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie.
Port: 443 / tcp
Severity: Severity.medium
---
### NOCVE (Web application abuses)
Missing httpOnly Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie.
Port: 80 / tcp
Severity: Severity.medium
---
### NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: Severity.low
---
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
Scan on March 15 2017, 11:06 AM UTC
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
NOCVE
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
General
Standard outputs should not be used directly to log anything
- Finding: Standard outputs should not be used directly to log anything
- Code: ['https://github.com/excal04/sonar-lang-test/blob/ba68d50e2920e45dce4720d982aa868d0786d4cf/HelloJava/HelloJava.java']
- Risk: Medium
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Buffer Underflow
Details
- ID: a1f40e323b06d43d7f9fa6d5a2ccdbfc
- Affected Hosts: 129.9.9.1
- First seen: 2014-02-91
Description
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
See
- MISRA C:2004, 2.4 - Sections of code should not be "commented out".
- MISRA C++:2008, 2-7-2 - Sections of code shall not be "commented out" using C-style comments.
- MISRA C++:2008, 2-7-3 - Sections of code should not be "commented out" using C++ comments.
- MISRA C:2012, Dir. 4.4 - Sections of code should not be "commented out"
rm -rf
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
Buffer Underflow
Details
- ID: a1f40e323b06d43d7f9fa6d5a2ccdbfc
- Affected Hosts: 129.9.9.1
- First seen: 2014-02-91
Description
Dummy Description
Recommendation
rm -rf
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
Scan on 2017-03-15 11:06:53
-
ID: NOCVE
* Family/Group: SSL and TLS
* Description: SSL/TLS: MissingsecureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
* Port / Type: 443 / tcp
* Severity: medium--- * ID: NOCVE * Family/Group: Web application abuses * Description: Missing `httpOnly` Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. * Port / Type: 443 / tcp * Severity: _medium_ --- * ID: NOCVE * Family/Group: Web application abuses * Description: Missing `httpOnly` Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. * Port / Type: 80 / tcp * Severity: _medium_ --- * ID: NOCVE * Family/Group: General * Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to computethe uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
* Port / Type: None / tcp
* Severity: low---
Scan on March 15 2017, 11:06 AM UTC
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
Scan on 2017-03-15 11:06:53
NOCVE (General)
TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
Port: None / tcp
Severity: low
Scan on 2017-03-15 11:06:53
-
ID: NOCVE
* Family/Group: SSL and TLS
* Description: SSL/TLS: MissingsecureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
* Port / Type: 443 / tcp
* Severity: medium--- * ID: NOCVE * Family/Group: Web application abuses * Description: Missing `httpOnly` Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. * Port / Type: 443 / tcp * Severity: _medium_ --- * ID: NOCVE * Family/Group: Web application abuses * Description: Missing `httpOnly` Cookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. * Port / Type: 80 / tcp * Severity: _medium_ --- * ID: NOCVE * Family/Group: General * Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to computethe uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps
* Port / Type: None / tcp
* Severity: low---
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on Mar 15 2017 11:06 UTC
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on March 15 2017, 11:06 AM UTC
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Standard outputs should not be used directly to log anything
Risk: Medium
Code
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Standard outputs should not be used directly to log anything
- Code:
https://github.com/excal04/sonar-lang-test/blob/ba68d50e2920e45dce4720d982aa868d0786d4cf/HelloJava/HelloJava.java - Risk: Medium
Description
When logging a message there are several important requirements which must be fulfilled:
- The user must be able to easily retrieve the logs
- The format of all logged message must be uniform to allow the user to easily read the log
- Logged data must actually be recorded
- Sensitive data must only be logged securely
If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.
Noncompliant Code Example
System.out.println("My Message"); // Noncompliant
Compliant Solution
logger.log("My Message");
See
- CERT, ERR02-J. - Prevent exceptions while logging data
Recommendation
Replace this use of System.out or System.err by a logger.
View this finding in Storyfier
Horangi detected this issue on 2018-01-24 10:33:00
Scan on 2017-03-15 11:06:53
NOCVE (SSL and TLS)
SSL/TLS: Missing secure Cookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection.
Port: 443 / tcp
Severity: medium
Scan on 2017-03-15 11:06:53
- Resolved
- ID: NOCVE
- Family/Group: SSL and TLS
- Description: SSL/TLS: Missing
secureCookie Attribute|The host is running a server with SSL/TLS and is prone to information
disclosure vulnerability.|Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 443 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: Web application abuses
- Description: Missing
httpOnlyCookie Attribute|The application is missing the 'httpOnly' cookie attribute|Set the 'httpOnly' attribute for any session cookie. - Port / Type: 80 / tcp
- Severity: medium
- Resolved
- ID: NOCVE
- Family/Group: General
- Description: TCP timestamps|The remote host implements TCP timestamps and therefore allows to compute
the uptime.|To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps - Port / Type: None / tcp
- Severity: low
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.