Wapiti vulnerability report

Target: http://localhost:8080/tomcat-webapp-boilerplate/app

Date of the scan: Sat, 14 Sep 2024 00:42:09 +0000. Scope of the scan: folder. Crawled pages: 1

Summary

Category Number of vulnerabilities found
Backup file 0
Weak credentials 0
CRLF Injection 0
Content Security Policy Configuration 1
Cross Site Request Forgery 0
Potentially dangerous file 0
Command execution 0
Path Traversal 0
Fingerprint web application framework 0
Fingerprint web server 0
Htaccess Bypass 0
HTML Injection 0
HTTP Secure Headers 2
HttpOnly Flag cookie 0
Unencrypted Channels 0
Log4Shell 0
Open Redirect 0
Reflected Cross Site Scripting 0
Secure Flag cookie 0
Spring4Shell 0
SQL Injection 0
TLS/SSL misconfigurations 0
Server Side Request Forgery 0
Stored HTML Injection 0
Stored Cross Site Scripting 0
Subdomain takeover 0
Blind SQL Injection 0
Unrestricted File Upload 0
XML External Entity 0
Internal Server Error 0
Resource consumption 0
Review Webserver Metafiles for Information Leakage 0
Fingerprint web technology 0
HTTP Methods 0

Content Security Policy Configuration

Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

🟡 Vulnerability found in /tomcat-webapp-boilerplate/app

CSP is not set
Solutions
Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control what resources the user agent is allowed to load for that page.
References

HTTP Secure Headers

Description
HTTP security headers tell the browser how to behave when handling the website's content.

🟡 Vulnerability found in /tomcat-webapp-boilerplate/app

X-Frame-Options is not set

🟡 Vulnerability found in /tomcat-webapp-boilerplate/app

X-Content-Type-Options is not set
Solutions
Use the recommendations for hardening your HTTP Security Headers.
References