ZAP Scanning Report

Generated with ZAP on Mon 11 Mar 2024, at 23:01:38

ZAP Version: 2.14.0

Contents

About this report

Report parameters

Contexts

No contexts were selected, so all contexts were included by default.

Sites

The following sites were included:

  • http://localhost:8082

(If no sites were selected, all sites were included by default.)

An included site must also be within one of the included contexts for its data to be included in the report.

Risk levels

Included: High, Medium, Low, Informational

Excluded: None

Confidence levels

Included: User Confirmed, High, Medium, Low

Excluded: User Confirmed, High, Medium, Low, False Positive

Summaries

Alert counts by risk and confidence

This table shows the number of alerts for each level of risk and confidence included in the report.

(The percentages in brackets represent the count as a percentage of the total number of alerts included in the report, rounded to one decimal place.)

                   Confidence
Risk               User Confirmed   High         Medium      Low         Total
High               0 (0.0%)         0 (0.0%)     0 (0.0%)    0 (0.0%)    0 (0.0%)
Medium             0 (0.0%)         0 (0.0%)     0 (0.0%)    0 (0.0%)    0 (0.0%)
Low                0 (0.0%)         0 (0.0%)     0 (0.0%)    0 (0.0%)    0 (0.0%)
Informational      0 (0.0%)         1 (100.0%)   0 (0.0%)    0 (0.0%)    1 (100.0%)
Total              0 (0.0%)         1 (100.0%)   0 (0.0%)    0 (0.0%)    1 (100%)

Alert counts by site and risk

This table shows, for each site for which one or more alerts were raised, the number of alerts raised at each risk level.

Alerts with a confidence level of "False Positive" have been excluded from these counts.

(The numbers in brackets are the number of alerts raised for the site at or above that risk level.)

                          Risk
Site                      High (= High)   Medium (>= Medium)   Low (>= Low)   Informational (>= Informational)
http://localhost:8082     0 (0)           0 (0)                0 (0)          1 (1)

Alert counts by alert type

This table shows the number of alerts of each alert type, together with the alert type's risk level.

(The percentages in brackets represent each count as a percentage, rounded to one decimal place, of the total number of alerts included in this report.)

Alert type                                 Risk            Count
Session Management Response Identified     Informational   1 (100.0%)
Total                                                      1

Alerts

  1. Risk=Informational, Confidence=High (1)

    1. http://localhost:8082 (1)

      1. Session Management Response Identified (1)
        1. GET http://localhost:8082/api/v1/products/category/LANCHE?page=0&size=10
          Alert tags
          Alert description

          The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.

          Other info

          cookie:JSESSIONID

          Request
          Request line and header section (397 bytes)
          GET http://localhost:8082/api/v1/products/category/LANCHE?page=0&size=10 HTTP/1.1
          X-Content-Type-Options: nosniff
          User-Agent: PostmanRuntime/7.28.1
          Accept: */*
          Postman-Token: 0bc13908-80b7-4b72-9074-f68a21d5a8d8
          Connection: keep-alive
          Cookie: JSESSIONID=EF3927CDD52863910C834E54DC7D6D90
          Referer: http://localhost:8082/api/v1/products/category/LANCHE?page=0&size=10
          host: localhost:8082
          
          
          Request body (0 bytes)
          Response
          Status line and header section (303 bytes)
          HTTP/1.1 200
          X-Content-Type-Options: nosniff
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: 0
          X-Frame-Options: DENY
          Content-Type: application/json
          Date: Tue, 12 Mar 2024 02:00:59 GMT
          Keep-Alive: timeout=60
          Connection: keep-alive
          content-length: 170
          
          
          Response body (170 bytes)
          {"code":200,"body":[{"sku":"65efab871c5ba5178ce3e871","title":"X salada","category":"LANCHE","description":"test","price":12.1,"image":"test"}],"hasNext":false,"total":1}
          Parameter
          JSESSIONID
          Evidence
          EF3927CDD52863910C834E54DC7D6D90
          Solution

          This is an informational alert rather than a vulnerability and so there is nothing to fix.

Appendix

Alert types

This section contains additional information on the types of alerts in the report.

  1. Session Management Response Identified

    Source raised by a passive scanner (Session Management Response Identified)
    Reference
    1. https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id