Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user

The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

The application does not sufficiently restrict access to a log file that is used for debugging.
The software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software.
© 2013 SecPod Technologies