Sec-Fetch-Dest Header is Missing

Home/Alerts/Alert detail/

Risk:
Informational

Type:
Passive

CWE:
CWE-352

Summary: Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.

Solution: Ensure that Sec-Fetch-Dest header is included in request headers.

References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest

Top Security News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Download: CIS Critical Security Controls v8.1

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Common Alerts

HighServer Side Code Injection - ASP Code Injection

LowDeprecated Feature Policy Header Set

InformationalCross Site Scripting (Persistent) - Spider

LowServer Leaks Version Information via "Server" HTTP Response Header Field

MediumWeak Authentication Method

HighCross-Domain Misconfiguration - Adobe - Send

HighNoSQL Injection - MongoDB (Time Based)

MediumSub Resource Integrity Attribute Missing

InformationalSec-Fetch-User Header Has an Invalid Value

HighCross Site Scripting (Reflected)

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Common CWEs

CWE-1332 Improper Handling of Faults that Lead to Instruction Skips

CWE-204 Observable Response Discrepancy

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-35 Path Traversal: '.../...//'

CWE-1289 Improper Validation of Unsafe Equivalence in Input

CWE-918 Server-Side Request Forgery (SSRF)

CWE-1296 Incorrect Chaining or Granularity of Debug Components

CWE-1051 Initialization with Hard-Coded Network Resource Configuration Data

MediumCWE-665 Improper Initialization

HighCWE-306 Missing Authentication for Critical Function

Free security scan for your website

Don't show website scan report rating on the leaderboard