GovWay Console di Monitoraggio

Analisi per la console di monitoraggio di GovWay

Generated on Sat, 11 Apr 2026 17:33:29

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Risk Level	Number of Alerts
High	0
Medium	0
Low	0
Informational	0

Alerts

Name	Risk Level	Number of Instances

Passing Rules

Name	Rule Type	Threshold	Strength
Remote Code Execution - Shell Shock	Active	MEDIUM	MEDIUM
Path Traversal	Active	MEDIUM	MEDIUM
Remote File Inclusion	Active	MEDIUM	MEDIUM
Server Side Include	Active	MEDIUM	MEDIUM
Cross Site Scripting (Reflected)	Active	MEDIUM	MEDIUM
Cross Site Scripting (Persistent)	Active	MEDIUM	MEDIUM
Heartbleed OpenSSL Vulnerability	Active	MEDIUM	MEDIUM
Cross Site Scripting (Persistent) - Prime	Active	MEDIUM	MEDIUM
Cross Site Scripting (Persistent) - Spider	Active	MEDIUM	MEDIUM
Source Code Disclosure - CVE-2012-1823	Active	MEDIUM	MEDIUM
SQL Injection	Active	MEDIUM	MEDIUM
Remote Code Execution - CVE-2012-1823	Active	MEDIUM	MEDIUM
SQL Injection - MySQL (Time Based)	Active	MEDIUM	MEDIUM
External Redirect	Active	MEDIUM	MEDIUM
SQL Injection - Hypersonic SQL (Time Based)	Active	MEDIUM	MEDIUM
SQL Injection - Oracle (Time Based)	Active	MEDIUM	MEDIUM
SQL Injection - PostgreSQL (Time Based)	Active	MEDIUM	MEDIUM
Source Code Disclosure - /WEB-INF Folder	Active	MEDIUM	MEDIUM
Session Management Response Identified	Passive	MEDIUM	-
Verification Request Identified	Passive	MEDIUM	-
Private IP Disclosure	Passive	MEDIUM	-
Session ID in URL Rewrite	Passive	MEDIUM	-
Script Served From Malicious Domain (polyfill)	Passive	MEDIUM	-
ZAP is Out of Date	Passive	MEDIUM	-
Insecure JSF ViewState	Passive	MEDIUM	-
Sub Resource Integrity Attribute Missing	Passive	MEDIUM	-
Vulnerable JS Library (Powered by Retire.js)	Passive	MEDIUM	-
Java Serialization Object	Passive	MEDIUM	-
In Page Banner Information Leak	Passive	MEDIUM	-
Charset Mismatch	Passive	MEDIUM	-
Cookie No HttpOnly Flag	Passive	MEDIUM	-
Cookie Without Secure Flag	Passive	MEDIUM	-
Re-examine Cache-control Directives	Passive	MEDIUM	-
Cross-Domain JavaScript Source File Inclusion	Passive	MEDIUM	-
Content-Type Header Missing	Passive	MEDIUM	-
Anti-clickjacking Header	Passive	MEDIUM	-
X-Content-Type-Options Header Missing	Passive	MEDIUM	-
Application Error Disclosure	Passive	MEDIUM	-
Information Disclosure - Debug Error Messages	Passive	MEDIUM	-
Information Disclosure - Sensitive Information in URL	Passive	MEDIUM	-
Information Disclosure - Sensitive Information in HTTP Referrer Header	Passive	MEDIUM	-
Information Disclosure - Suspicious Comments	Passive	MEDIUM	-
Off-site Redirect	Passive	MEDIUM	-
Cookie Poisoning	Passive	MEDIUM	-
User Controllable Charset	Passive	MEDIUM	-
WSDL File Detection	Passive	MEDIUM	-
User Controllable HTML Element Attribute (Potential XSS)	Passive	MEDIUM	-
Loosely Scoped Cookie	Passive	MEDIUM	-
Viewstate	Passive	MEDIUM	-
Directory Browsing	Passive	MEDIUM	-
Heartbleed OpenSSL Vulnerability (Indicative)	Passive	MEDIUM	-
Strict-Transport-Security Header	Passive	MEDIUM	-
HTTP Server Response Header	Passive	MEDIUM	-
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)	Passive	MEDIUM	-
Content Security Policy (CSP) Header Not Set	Passive	MEDIUM	-
X-Backend-Server Header Information Leak	Passive	MEDIUM	-
Secure Pages Include Mixed Content	Passive	MEDIUM	-
HTTP to HTTPS Insecure Transition in Form Post	Passive	MEDIUM	-
HTTPS to HTTP Insecure Transition in Form Post	Passive	MEDIUM	-
User Controllable JavaScript Event (XSS)	Passive	MEDIUM	-
Big Redirect Detected (Potential Sensitive Information Leak)	Passive	MEDIUM	-
Retrieved from Cache	Passive	MEDIUM	-
X-ChromeLogger-Data (XCOLD) Header Information Leak	Passive	MEDIUM	-
Cookie without SameSite Attribute	Passive	MEDIUM	-
CSP	Passive	MEDIUM	-
X-Debug-Token Information Leak	Passive	MEDIUM	-
Username Hash Found	Passive	MEDIUM	-
X-AspNet-Version Response Header	Passive	MEDIUM	-
PII Disclosure	Passive	MEDIUM	-
Script Passive Scan Rules	Passive	MEDIUM	-
Stats Passive Scan Rule	Passive	MEDIUM	-
Absence of Anti-CSRF Tokens	Passive	MEDIUM	-
Timestamp Disclosure	Passive	MEDIUM	-
Hash Disclosure	Passive	MEDIUM	-
Cross-Domain Misconfiguration	Passive	MEDIUM	-
Weak Authentication Method	Passive	MEDIUM	-
Reverse Tabnabbing	Passive	MEDIUM	-
Modern Web Application	Passive	MEDIUM	-
Authentication Request Identified	Passive	MEDIUM	-

Sites

Number of Sites tree nodes actively scanned: 1

http://127.0.0.1:8080/govwayMonitor/stat/pages/list/configurazioniGenerali.jsf

HTTP Response Code	Number of Responses

No Authentication Statistics Found

Parameter Name	Type	Flags	Times Used	# Values

GovWay Console di Monitoraggio

Generated on Sat, 11 Apr 2026 17:33:29

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Alerts

Passing Rules

Sites

http://127.0.0.1:8080/govwayMonitor/stat/pages/list/configurazioniGenerali.jsf

No Authentication Statistics Found

Alert Detail