ZAP Scanning Report

Summary of Alerts

Risk Level       Number of Alerts
High             0
Medium           1
Low              4
Informational    0

Alert Detail

Medium (Medium) Application Error Disclosure

Description

This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.

URL

https://workterra.net/Platform/HomePage/SearchEmployee

    Method

GET

    Evidence

internal error

URL

https://workterra.net/WORKTERRA/

    Method

POST

    Evidence

HTTP/1.1 500 Internal Server Error

URL

https://workterra.net/Platform/PTHomePage/PlatformHomePage

    Method

GET

    Evidence

internal error

URL

https://workterra.net/Platform/UserDetails/UserDetails/ChangePassword

    Method

GET

    Evidence

internal error

URL

https://workterra.net/Platform/

    Method

POST

    Evidence

HTTP/1.1 500 Internal Server Error

URL

https://workterra.net/Platform/bundles/CommonJS?v=vI2J04AyFO0hS9wMzG4Iz0imWNN02ek41TBcSQ2vD1c1

    Method

GET

    Evidence

internal error

Instances

6

Solution

Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.

Reference

CWE Id

200

WASC Id

13

Source ID

3

Low (Medium) X-Content-Type-Options Header Missing

Description

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

URL

http://detectportal.firefox.com/success.txt

    Method

GET

    Parameter

X-Content-Type-Options

Instances

1

Solution

Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

Other information

This issue still applies to error type pages (401, 403, 500, etc.), as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

At "High" threshold this scanner will not alert on client or server error responses.

Reference

http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx

https://www.owasp.org/index.php/List_of_useful_HTTP_headers

CWE Id

16

WASC Id

15

Source ID

3

Low (Medium) Incomplete or No Cache-control and Pragma HTTP Header Set

Description

The Cache-Control and Pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.

URL

https://workterra.net/WORKTERRA/Content/logincss.css

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/PTHomePage/PlatformHomePage

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Assets/StyleSheet/master.css

    Method

GET

    Parameter

Cache-Control

URL

https://workterra.net/WORKTERRA/Login/ForgotPassword?Length=5

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/PlatformSharedBase/GetEmployeePopUpDetailsSearchEmployeeGrid

    Method

POST

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/Documents/TermsofUse.html

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/Documents/PrivacyPolicy.html

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/WORKTERRA/Content/dd.css

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/PlatformSharedBase/GetEmployeePopUpDetailsCollection?_=1510749159078

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/PlatformSharedBase/GetCompanyDetails?_=1510749052343

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/PlatformSharedBase/GetCompanyDetails?_=1510749086092

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/PlatformSharedBase/GetEmployeePopUpDetailsCollection?_=1510749137430

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/WORKTERRA/Documents/PrivacyPolicy.html

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform//PTHomePage/QuickLinksPV?TargetElement=Widget_0

    Method

POST

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/WORKTERRA/Content/CSS?v=6af__RVpdTa1NuabO_R6IZZGs5_M1bE0nMsedxiiYeg1

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/Login/Login

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/WORKTERRA

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform//PTHomePage/SystemUtilizationPV?TargetElement=Widget_1

    Method

POST

    Parameter

Cache-Control

    Evidence

no-cache

URL

https://workterra.net/Platform/Content/DatatableCSS?v=04xESqF1GqxuiyGi15K8YalVTwRKrPIbqqTCm5SwZpM1

    Method

GET

    Parameter

Cache-Control

    Evidence

no-cache

Instances

40

Solution

Whenever possible, ensure that the Cache-Control HTTP header is set to no-cache, no-store, must-revalidate, and that the Pragma HTTP header is set to no-cache.

Reference

https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Web_Content_Caching

CWE Id

525

WASC Id

13

Source ID

3

Low (Medium) Password Autocomplete in Browser

Description

The AUTOCOMPLETE attribute is not disabled on an HTML FORM/INPUT element containing password type input. Passwords may be stored in browsers and retrieved.

URL

https://workterra.net/Platform/UserDetails/UserDetails/ChangePassword

    Method

GET

    Parameter

dummytest

    Evidence

<input type="password" name ="dummytest" style="display:none;">

Instances

1

Solution

Turn off the AUTOCOMPLETE attribute in forms or individual input elements containing password inputs by using AUTOCOMPLETE='OFF'.

Reference

http://www.w3schools.com/tags/att_input_autocomplete.asp

https://msdn.microsoft.com/en-us/library/ms533486%28v=vs.85%29.aspx

CWE Id

525

WASC Id

15

Source ID

3

Low (Medium) Cookie No HttpOnly Flag

Description

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

URL

https://workterra.net/Platform/

    Method

POST

    Parameter

IdForLoginValidation

    Evidence

Set-Cookie: IdForLoginValidation

Instances

1

Solution

Ensure that the HttpOnly flag is set for all cookies.

Reference

http://www.owasp.org/index.php/HttpOnly

CWE Id

16

WASC Id

13

Source ID

3