Split Viewstate in Use

Home/Alerts/Alert detail/

Risk:
Informational

Type:
Passive

CWE:
CWE-642

Summary: This website uses ASP.NET’s Viewstate and its value is split into several chunks.

Solution: None - the guys running the server may have tuned the configuration as this isn't the default setting.

Top Security News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Download: CIS Critical Security Controls v8.1

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Common Alerts

HighOpen Redirect

InformationalInformation Disclosure - Sensitive Information in URL

MediumWeak Authentication Method

HighRemote Code Execution - CVE-2012-1823

MediumAuthentication Credentials Captured

HighSQL Injection - MySQL

InformationalCookie Poisoning

MediumCSP: style-src unsafe-hashes

MediumInsecure HTTP Method

HighHeartbleed OpenSSL Vulnerability

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Common CWEs

CWE-1384 Improper Handling of Physical or Environmental Conditions

HighCWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

CWE-53 Path Equivalence: '\multiple\\internal\backslash'

HighCWE-360 Trust of System Event Data

CWE-187 Partial String Comparison

CWE-1103 Use of Platform-Dependent Third Party Components

CWE-132 DEPRECATED: Miscalculated Null Termination

CWE-23 Relative Path Traversal

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

Free security scan for your website

Don't show website scan report rating on the leaderboard