Home/Alerts/Alert detail/

Bypassing 403

Risk:
Medium

Type:
Active

Summary: Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200).

References

https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/

https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf

https://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass

Top Security News

Clop ransomware is now extorting 66 Cleo data-theft victims

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%

Windows Server 2025 released—here are the new features

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Massive healthcare breaches prompt US cybersecurity rules overhaul

Common Alerts

HighGeneric Padding Oracle

HighHeartbleed OpenSSL Vulnerability

InformationalSec-Fetch-User Header is Missing

MediumCSP: script-src unsafe-inline

InformationalInformation Disclosure - Sensitive Information in HTTP Referrer Header

LowMultiple HREFs Redirect Detected (Potential Sensitive Information Leak)

InformationalPossible Username Enumeration

LowBig Redirect Detected (Potential Sensitive Information Leak)

InformationalRetrieved from Cache

InformationalCookie Slack Detector

Top CVE List

CVE-2024-3393 Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2020-35730 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability

CVE-2020-5849 Unraid Authentication Bypass Vulnerability

CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation Vulnerability

CVE-2024-12356 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability

CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability

CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability

CVE-2024-43491 Microsoft Windows Update Use-After-Free Vulnerability

Common CWEs

CWE-58 Path Equivalence: Windows 8.3 Filename

CWE-1122 Excessive Halstead Complexity

CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption

CWE-912 Hidden Functionality

CWE-203 Observable Discrepancy

CWE-386 Symbolic Name not Mapping to Correct Object

CWE-546 Suspicious Comment

CWE-656 Reliance on Security Through Obscurity

CWE-927 Use of Implicit Intent for Sensitive Communication

CWE-339 Small Seed Space in PRNG

Free online web security scanner

Don't show website scan report rating on the leaderboard