Detections
Analytics
HTTPS Not Detected
high Web App Scanning Plugin ID 112543
Language:
Synopsis
HTTPS Not DetectedDescription
HTTPS is a protocol that protects the integrity and confidentiality of data between client and server. HTTPS is highly recommended to protect connections to website regardless of its content.Solution
Enable HTTPS following best practices.See Also
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
Plugin Details
Severity: High
ID: 112543
Type: remote
Family: SSL/TLS
Published: 2/5/2019
Updated: 3/13/2024
Scan Template: api, basic, config_audit, full, overview, pci, quick, scan, ssl_tls
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.1
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: High
Base Score: 7.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Score Source: Tenable
Reference Information
CWE: 319
OWASP: 2010-A9, 2013-A6, 2017-A3, 2021-A2
WASC: Insufficient Transport Layer Protection
DISA STIG: APSC-DV-000170
HIPAA: 164.312(a), 164.312(e)
ISO: 27001-A.10.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.18.1.5
NIST: sp800_53-SC-13
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-9.1.1
PCI-DSS: 3.2-6.5.4