Sec-Fetch-Site Header Has an Invalid Value

Home/Alerts/Alert detail/

Risk:
Informational

Type:
Passive

CWE:
CWE-352

Summary: Specifies the relationship between request initiator’s origin and target’s origin.

Solution: Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none.

References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Common Alerts

HighPath Traversal

LowFull Path Disclosure

InformationalBase64 Disclosure

InformationalStrict-Transport-Security Header on Plain HTTP Response

MediumCross-Domain Misconfiguration

HighSQL Injection - SQLite

MediumCORS Misconfiguration

InformationalImage Exposes Location or Privacy Data

InformationalCORS Header

LowCookie with SameSite Attribute None

Top CVE List

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2022-3075 Google Chromium Mojo Insufficient Data Validation Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2020-3452 Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CVE-2020-3837 Apple Multiple Products Memory Corruption Vulnerability

CVE-2021-34486 Microsoft Windows Event Tracing Privilege Escalation Vulnerability

CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability

Top CWE List

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

MediumCWE-250 Execution with Unnecessary Privileges

CWE-328 Use of Weak Hash

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1426 Improper Validation of Generative AI Output

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-290 Authentication Bypass by Spoofing

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

MediumCWE-353 Missing Support for Integrity Check

Free security scan for your website

Don't show website scan report rating on the leaderboard