Mixed Resource Detection

Medium Web Application Scanning Plugin ID 98091


Mixed Resource Detection


Scanner discovered that the affected site is utilising both HTTP and HTTPS. While
the HTML code is served over HTTPS, the server is also serving resources over an
unencrypted channel, which can lead to the compromise of data, while providing a
false sense of security to the user.


All pages and/or resources on the affected site should be secured equally, utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2.
While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled.

See Also


Plugin Details

Severity: Medium

ID: 98091

Type: remote

Published: 2017/03/31

Updated: 2017/10/17

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N