Security Scan Results Report.docx

  • About 9,600 characters
  • About 9 pages
  • Published 2022-09-15 in Sichuan
Overall screenshot of the issues found by the AWVS security scan:

Scan Thread 1 (http://192.168.0.222:8080...) Finished (46 alerts)
Web Alerts (46)
  • Directory traversal in Spring framew... (/css/login.css)
  • Vulnerable Javascript library (1) (/js/jquery-1.7.2.min.js)
  • Weak password (1) (/login)
  • Apache JServ protocol service (1) (Server)
  • HTML form without CSRF protection (/login, /skysafe/index)
  • Slow Denial of Service Attack (1) (Web Server)
  • User credentials are sent in clear te... (/login, /skysafe/index)
  • Clickjacking: X-Frame-Options heade...
  • Cookie without HttpOnly flag set (1)
  • Cookie without Secure Flag set (2)
  • Login page password-guessing attac...
  • Content type is not specified (22)
  • GHDB: Apache Tomcat Error messag...
  • Password type input with auto-comp...
Knowledge Base (5)
Site Structure

Number of issues:

Acunetix Threat Level 3
Level 3: High
One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.
Total alerts found: High, Medium, Low, Informational

High-severity vulnerability screenshot 1:

Attack details
Time difference between connections: 9968 ms

Medium-severity vulnerability screenshot 5:

User credentials are sent in clear text (medium)
Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
This vulnerability affects /login.
Discovered by: Crawler.
Attack details
Form name: empty
Form action: http://192.168.0.222:8080/login
Form method: POST
Form inputs:
  • username [Text]
  • password [Password]

Translation:
User credentials are sent in clear text
Vulnerability description: User credentials are transmitted over an unencrypted channel. This information should be transferred via an encrypted channel (HTTPS) to prevent interception by malicious users.
This vulnerability affects /login.
Discovered by: Crawler.
Attack details
Form name: empty
Form action: http://192.168.0.222:8080/login
Form method: POST
Form inputs: username (Text), password (Password)

Medium-severity vulnerability screenshot 6:

User credentials are sent in clear text (medium)
Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should alway
