Commit 669fb09

Merge pull request #1850 from zapbot/update-site-content
Update site content
2 parents e665a4d + 05a997b commit 669fb09

9 files changed

+123
-3
lines changed

alerttags/hipaa/index.html

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -205,6 +205,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
205205
</tr>
206206

207207

208+
<tr>
209+
<td><a href="/docs/alerts/40015/">LDAP Injection</a></td>
210+
<td><a href=""></a></td>
211+
</tr>
212+
213+
208214
<tr>
209215
<td><a href="/docs/alerts/40043-1/">Log4Shell (CVE-2021-44228)</a></td>
210216
<td><a href=""></a></td>
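Review bot: the second cell of the new LDAP Injection row (line 210) is `<td><a href=""></a></td>`, an anchor with an empty href and no text. An empty href resolves to the current page and the element renders nothing, so it adds an invisible self-link to the table. The unchanged Log4Shell row below has the same cell, so this comes from the template rather than from this row; the template should skip the anchor when there is no value to link.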
@@ -217,6 +223,18 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
217223
</tr>
218224

219225

226+
<tr>
227+
<td><a href="/docs/alerts/40033/">NoSQL Injection - MongoDB</a></td>
228+
<td><a href=""></a></td>
229+
</tr>
230+
231+
232+
<tr>
233+
<td><a href="/docs/alerts/90039/">NoSQL Injection - MongoDB (Time Based)</a></td>
234+
<td><a href=""></a></td>
235+
</tr>
236+
237+
220238
<tr>
221239
<td><a href="/docs/alerts/40031/">Out of Band XSS</a></td>
222240
<td><a href=""></a></td>
@@ -337,6 +355,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
337355
</tr>
338356

339357

358+
<tr>
359+
<td><a href="/docs/alerts/40039/">Web Cache Deception</a></td>
360+
<td><a href=""></a></td>
361+
</tr>
362+
363+
340364
<tr>
341365
<td><a href="/docs/alerts/90023/">XML External Entity Attack</a></td>
342366
<td><a href=""></a></td>

alerttags/hipaa/index.xml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,13 @@
7777
<guid>/docs/alerts/20019-4/</guid>
7878
<description>&lt;p&gt;URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.&lt;/p&gt;</description>
7979
</item>
80+
<item>
81+
<title>LDAP Injection</title>
82+
<link>/docs/alerts/40015/</link>
83+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
84+
<guid>/docs/alerts/40015/</guid>
85+
<description>&lt;p&gt;LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.&lt;/p&gt;</description>
86+
</item>
8087
<item>
8188
<title>Log4Shell (CVE-2021-44228)</title>
8289
<link>/docs/alerts/40043-1/</link>
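Review bot: the new LDAP Injection item (line 83) carries `<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>`, which is a zero-value date rather than a real publication time. Feed consumers that sort or filter on pubDate will treat the entry as the oldest possible item, so a newly tagged alert never surfaces as new. Either give the alert pages a real date in the generator or omit pubDate when it is unset. The `<link>` and `<guid>` values are also site-relative paths, which only resolve for readers that already know the base URL.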
@@ -91,6 +98,20 @@
9198
<guid>/docs/alerts/40043-2/</guid>
9299
<description>&lt;p&gt;It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.&lt;/p&gt;</description>
93100
</item>
101+
<item>
102+
<title>NoSQL Injection - MongoDB</title>
103+
<link>/docs/alerts/40033/</link>
104+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
105+
<guid>/docs/alerts/40033/</guid>
106+
<description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
107+
</item>
108+
<item>
109+
<title>NoSQL Injection - MongoDB (Time Based)</title>
110+
<link>/docs/alerts/90039/</link>
111+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
112+
<guid>/docs/alerts/90039/</guid>
113+
<description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
114+
</item>
94115
<item>
95116
<title>Out of Band XSS</title>
96117
<link>/docs/alerts/40031/</link>
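Review bot: the two new items at lines 101-114 have different titles and links (40033 and 90039) but the identical description, "MongoDB query injection may be possible." A reader of the feed cannot tell from the text what distinguishes the time-based rule from the other one. The description for 90039 should say that detection is based on response timing, changed in the source of the alert text rather than in this generated file.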
@@ -231,6 +252,13 @@
231252
<guid>/docs/alerts/40047/</guid>
232253
<description>&lt;p&gt;Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).&lt;/p&gt;</description>
233254
</item>
255+
<item>
256+
<title>Web Cache Deception</title>
257+
<link>/docs/alerts/40039/</link>
258+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
259+
<guid>/docs/alerts/40039/</guid>
260+
<description>&lt;p&gt;Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.&lt;/p&gt;</description>
261+
</item>
234262
<item>
235263
<title>XML External Entity Attack</title>
236264
<link>/docs/alerts/90023/</link>
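Review bot: the Web Cache Deception description on line 260 reads "It may be possible for unauthorised user to view sensitive data on this page", which is missing the article ("an unauthorised user"). The same sentence is added to alerttags/pci_dss/index.xml in this commit, so the wording should be corrected once in the alert's source text and the site content regenerated.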

alerttags/pci_dss/index.html

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -187,6 +187,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
187187
</tr>
188188

189189

190+
<tr>
191+
<td><a href="/docs/alerts/40015/">LDAP Injection</a></td>
192+
<td><a href=""></a></td>
193+
</tr>
194+
195+
190196
<tr>
191197
<td><a href="/docs/alerts/40043-1/">Log4Shell (CVE-2021-44228)</a></td>
192198
<td><a href=""></a></td>
@@ -199,6 +205,18 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
199205
</tr>
200206

201207

208+
<tr>
209+
<td><a href="/docs/alerts/40033/">NoSQL Injection - MongoDB</a></td>
210+
<td><a href=""></a></td>
211+
</tr>
212+
213+
214+
<tr>
215+
<td><a href="/docs/alerts/90039/">NoSQL Injection - MongoDB (Time Based)</a></td>
216+
<td><a href=""></a></td>
217+
</tr>
218+
219+
202220
<tr>
203221
<td><a href="/docs/alerts/40031/">Out of Band XSS</a></td>
204222
<td><a href=""></a></td>
@@ -319,6 +337,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
319337
</tr>
320338

321339

340+
<tr>
341+
<td><a href="/docs/alerts/40039/">Web Cache Deception</a></td>
342+
<td><a href=""></a></td>
343+
</tr>
344+
345+
322346
<tr>
323347
<td><a href="/docs/alerts/90023/">XML External Entity Attack</a></td>
324348
<td><a href=""></a></td>

alerttags/pci_dss/index.xml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,13 @@
5656
<guid>/docs/alerts/90025/</guid>
5757
<description>&lt;p&gt;The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.&lt;/p&gt;</description>
5858
</item>
59+
<item>
60+
<title>LDAP Injection</title>
61+
<link>/docs/alerts/40015/</link>
62+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
63+
<guid>/docs/alerts/40015/</guid>
64+
<description>&lt;p&gt;LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.&lt;/p&gt;</description>
65+
</item>
5966
<item>
6067
<title>Log4Shell (CVE-2021-44228)</title>
6168
<link>/docs/alerts/40043-1/</link>
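Review bot: the LDAP Injection description on line 64 says "may be possible" twice in consecutive sentences ("LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls..."). The first sentence adds nothing the title does not already say; the description would read better if it started directly with the impact. This is a wording change for the alert's source text, since the same string also appears in alerttags/hipaa/index.xml.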
@@ -70,6 +77,20 @@
7077
<guid>/docs/alerts/40043-2/</guid>
7178
<description>&lt;p&gt;It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.&lt;/p&gt;</description>
7279
</item>
80+
<item>
81+
<title>NoSQL Injection - MongoDB</title>
82+
<link>/docs/alerts/40033/</link>
83+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
84+
<guid>/docs/alerts/40033/</guid>
85+
<description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
86+
</item>
87+
<item>
88+
<title>NoSQL Injection - MongoDB (Time Based)</title>
89+
<link>/docs/alerts/90039/</link>
90+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
91+
<guid>/docs/alerts/90039/</guid>
92+
<description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
93+
</item>
7394
<item>
7495
<title>Out of Band XSS</title>
7596
<link>/docs/alerts/40031/</link>
@@ -210,6 +231,13 @@
210231
<guid>/docs/alerts/40047/</guid>
211232
<description>&lt;p&gt;Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).&lt;/p&gt;</description>
212233
</item>
234+
<item>
235+
<title>Web Cache Deception</title>
236+
<link>/docs/alerts/40039/</link>
237+
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
238+
<guid>/docs/alerts/40039/</guid>
239+
<description>&lt;p&gt;Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.&lt;/p&gt;</description>
240+
</item>
213241
<item>
214242
<title>XML External Entity Attack</title>
215243
<link>/docs/alerts/90023/</link>

docs/alerts/40015/index.html

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -190,10 +190,14 @@ <h1 class="text--white">LDAP Injection</h1>
190190
</td>
191191
<td>
192192

193+
<a href="/alerttags/hipaa">HIPAA</a><br>
194+
193195
<a href="/alerttags/owasp_2017_a01">OWASP_2017_A01</a><br>
194196

195197
<a href="/alerttags/owasp_2021_a03">OWASP_2021_A03</a><br>
196198

199+
<a href="/alerttags/pci_dss">PCI_DSS</a><br>
200+
197201
<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
198202

199203
<a href="/alerttags/wstg-v42-inpv-06">WSTG-V42-INPV-06</a><br>
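Review bot: the new tag links on lines 193 and 199 point to `/alerttags/hipaa` and `/alerttags/pci_dss` without a trailing slash, while the pages added in this commit live at alerttags/hipaa/index.html and alerttags/pci_dss/index.html and the alert links elsewhere in the commit use the trailing-slash form (`/docs/alerts/40015/`). Depending on how the site is served, the slashless form costs a redirect on every click. The unchanged OWASP and WSTG links have the same shape, so the fix belongs in the template that emits tag links.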

docs/alerts/40033/index.html

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -190,10 +190,14 @@ <h1 class="text--white">NoSQL Injection - MongoDB</h1>
190190
</td>
191191
<td>
192192

193+
<a href="/alerttags/hipaa">HIPAA</a><br>
194+
193195
<a href="/alerttags/owasp_2017_a01">OWASP_2017_A01</a><br>
194196

195197
<a href="/alerttags/owasp_2021_a03">OWASP_2021_A03</a><br>
196198

199+
<a href="/alerttags/pci_dss">PCI_DSS</a><br>
200+
197201
<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
198202

199203
<a href="/alerttags/wstg-v42-inpv-05">WSTG-V42-INPV-05</a><br>

docs/alerts/40039/index.html

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -161,8 +161,8 @@ <h1 class="text--white">Web Cache Deception</h1>
161161
<strong>CWE</strong>
162162
</td>
163163
<td>
164-
<a href="https://cwe.mitre.org/data/definitions/.html">
165-
164+
<a href="https://cwe.mitre.org/data/definitions/444.html">
165+
444
166166
</a>
167167
</td>
168168
</tr>
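Review bot: the removed line 164 shows that the CWE anchor was being rendered unconditionally, producing `https://cwe.mitre.org/data/definitions/.html` with no link text while the id was missing. Filling in 444 fixes this page, but the template will emit the same broken link for any other alert without a CWE id; it should only render the anchor when the id is non-empty. The same commit fills the matching cell in docs/alerts/index.html, so both values come from one source and the guard only needs adding once per template.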
@@ -188,10 +188,14 @@ <h1 class="text--white">Web Cache Deception</h1>
188188
</td>
189189
<td>
190190

191+
<a href="/alerttags/hipaa">HIPAA</a><br>
192+
191193
<a href="/alerttags/owasp_2017_a06">OWASP_2017_A06</a><br>
192194

193195
<a href="/alerttags/owasp_2021_a05">OWASP_2021_A05</a><br>
194196

197+
<a href="/alerttags/pci_dss">PCI_DSS</a><br>
198+
195199
<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
196200

197201
<a href="/alerttags/wstg-v42-athn-06">WSTG-V42-ATHN-06</a><br>
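Review bot: the tag list in this hunk starts at HIPAA (line 191) with no CWE tag ahead of it, although the first hunk of this file now sets the CWE row to 444. docs/alerts/90039/index.html in the same commit lists `<a href="/alerttags/cwe-943">CWE-943</a>` before its HIPAA tag, so the two pages are inconsistent about whether the CWE id also appears as an alert tag. If the tag is expected, it needs adding where the rule's tags are defined so that a cwe-444 tag page is generated as well.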

docs/alerts/90039/index.html

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -192,10 +192,14 @@ <h1 class="text--white">NoSQL Injection - MongoDB (Time Based)</h1>
192192

193193
<a href="/alerttags/cwe-943">CWE-943</a><br>
194194

195+
<a href="/alerttags/hipaa">HIPAA</a><br>
196+
195197
<a href="/alerttags/owasp_2017_a01">OWASP_2017_A01</a><br>
196198

197199
<a href="/alerttags/owasp_2021_a03">OWASP_2021_A03</a><br>
198200

201+
<a href="/alerttags/pci_dss">PCI_DSS</a><br>
202+
199203
<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
200204

201205
<a href="/alerttags/test_timing">TEST_TIMING</a><br>

docs/alerts/index.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2097,7 +2097,7 @@ <h1 class="text--white">ZAP Alert Details</h1>
20972097
<td>alpha</td>
20982098
<td>Medium</td>
20992099
<td>Active</td>
2100-
<td class='td-non-mobile'></td>
2100+
<td class='td-non-mobile'>444</td>
21012101
<td class='td-non-mobile'></td>
21022102
</tr>
21032103

0 commit comments
