Merge pull request #1353 from zapbot/update-site-content

zaproxy · Feb 9, 2024 · e0591fd · e0591fd
2 parents ea33bf3 + f7e4569
commit e0591fd
Show file tree

Hide file tree

Showing 60 changed files with 1,385 additions and 110 deletions.
diff --git a/alerttags/cwe-287/index.html b/alerttags/cwe-287/index.html
@@ -170,6 +170,12 @@ <h4><a href="https://cwe.mitre.org/data/definitions/287.html">https://cwe.mitre.
                   <td><a href=""></a></td>
                </tr>
 
+
+               <tr>
+                  <td><a href="/docs/alerts/10105-1/">Authentication Credentials Captured</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
          </tbody>
       </table>
    </div>

diff --git a/alerttags/cwe-287/index.xml b/alerttags/cwe-287/index.xml
@@ -14,5 +14,12 @@
       <guid>/docs/alerts/10101/</guid>
       <description>Insufficient Authentication occurs when a web site permits an attacker to access sensitive content or functionality without having to properly authenticate. Web-based administration tools are a good example of web sites providing access to sensitive functionality. Depending on the specific online resource, these web applications should not be directly accessible without requiring the user to properly verify their identity.</description>
     </item>
+    <item>
+      <title>Authentication Credentials Captured</title>
+      <link>/docs/alerts/10105-1/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/10105-1/</guid>
+      <description>An insecure authentication mechanism is in use. This allows an attacker on the network access to the userid and password of the authenticated user. For Basic Authentication, the attacker must merely monitor the network traffic until a Basic Authentication request is received, and then base64 decode the username and password.</description>
+    </item>
   </channel>
 </rss>
diff --git a/alerttags/cwe-326/index.html b/alerttags/cwe-326/index.html
@@ -0,0 +1,241 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
+  <meta name="description" content="The world’s most widely used web app scanner. Free and open source. Actively maintained by a dedicated international team of volunteers. A GitHub Top 1000 project.">
+
+  <link rel="alternate" type="application/rss+xml" href="/alerttags/cwe-326/index.xml" title="ZAP" />
+  <title>ZAP &ndash; CWE-326</title>
+
+  <link rel="shortcut icon" href="/img/favicon.ico" type="image/x-icon" />
+  <link href="https://fonts.googleapis.com/css?family=Quicksand:500,700" rel="stylesheet">
+  <link href="https://fonts.googleapis.com/css?family=Istok+Web|Open+Sans:400,700|Rubik&display=swap" rel="stylesheet">
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/lunr.js/2.3.6/lunr.min.js"></script>
+
+  <script async src="https://www.googletagmanager.com/gtag/js?id=G-JDLGW1172L"></script>
+  <script>
+    window.dataLayer = window.dataLayer || [];
+    function gtag(){dataLayer.push(arguments);}
+    gtag('js', new Date());
+    gtag('config', 'G-JDLGW1172L');
+  </script>
+
+
+
+    <link href="/main.23c036.css" rel="stylesheet">
+
+</head>
+<body>
+<div id="page-container">
+ <div id="content-wrap">
+  <header class="site-header">
+    <div class="wrapper flex jc-sb ai-c">
+    <div class="flex">
+        <a href="/" aria-label="return to landing page" class="logo">
+            <svg xmlns="http://www.w3.org/2000/svg" width="55px" viewBox="0 0 54.98 55"><defs><radialGradient id="a" cx="29.16" cy="29.18" r="25.82" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#4389ff"/><stop offset="1" stop-color="#00549e"/></radialGradient></defs><circle cx="29.16" cy="29.18" r="25.82" fill="url(#a)"/><path d="M2.17 10.82L22.67 2a.34.34 0 0 1 .42.12l11.08 15.74a.37.37 0 0 1-.18.57l-3 1a.37.37 0 0 0-.16.58l8.75 11a.37.37 0 0 1-.19.59l-3.79.93a.37.37 0 0 0-.2.59l12.92 16.32a.36.36 0 0 1-.44.55l-29-16.74a.37.37 0 0 1 .05-.66l3.5-1.39a.37.37 0 0 0 .07-.64l-11.78-8.5a.38.38 0 0 1 .07-.64l2.69-1.18a.37.37 0 0 0 .06-.64L2.1 11.46a.37.37 0 0 1 .07-.64z" fill="#fff"/><path d="M22.8 2a.35.35 0 0 1 .29.15l11.08 15.71a.37.37 0 0 1-.18.57l-3 1a.37.37 0 0 0-.16.58l8.75 11a.37.37 0 0 1-.19.59l-3.79.93a.37.37 0 0 0-.2.59l12.92 16.32a.37.37 0 0 1-.27.6.3.3 0 0 1-.17 0l-29-16.74a.37.37 0 0 1 .05-.66l3.5-1.39a.37.37 0 0 0 .07-.64l-11.78-8.5a.38.38 0 0 1 .07-.64l2.69-1.18a.37.37 0 0 0 .06-.64L2.1 11.46a.37.37 0 0 1 .07-.64L22.67 2a.31.31 0 0 1 .13 0m0-2a2.22 2.22 0 0 0-.91.19L1.4 9a2.32 2.32 0 0 0-.43 4l9.16 6.52-.14.06a2.34 2.34 0 0 0-.42 4L19 30.45l-.81.32a2.33 2.33 0 0 0-.3 4.17l29 16.74a2.23 2.23 0 0 0 1.15.31 2.32 2.32 0 0 0 1.8-3.76L38.48 33.82l1.41-.34A2.32 2.32 0 0 0 41.52 32a2.36 2.36 0 0 0-.38-2.2l-7.34-9.26.79-.26a2.29 2.29 0 0 0 1.48-1.46 2.36 2.36 0 0 0-.3-2.08L24.68 1a2.3 2.3 0 0 0-1.88-1z"/></svg>
+        </a>
+        <nav class="site-nav" role="navigation">
+        <div>
+            <h1>&nbsp;<a href="/">ZAP</a></h1>
+        </div>
+        </nav>
+    </div>
+    <div class="nav-content flex">
+      <nav class="site-nav" role="navigation">
+        <div class="hamburger-icon">
+          <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M0 0h24v24H0z" fill="none"/><path d="M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z"/></svg>
+        </div>
+        <input class="hamburger-click" aria-label="site menu" type="checkbox" />
+        <ul id="primary-menu" class="flex">
+
+
+
+              <li class="">
+                  <a href="/" title="Home page">
+                  Home
+                </a>
+              </li>
+
+
+
+              <li class="">
+                  <a href="/blog/" title="Blog page">
+                  Blog
+                </a>
+              </li>
+
+
+
+              <li class="">
+                  <a href="/videos/" title="Videos page">
+                  Videos
+                </a>
+              </li>
+
+
+
+              <li class="">
+                  <a href="/docs/" title="Documentation page">
+                  Documentation
+                </a>
+              </li>
+
+
+
+              <li class="">
+                  <a href="/community/" title="Community page">
+                  Community
+                </a>
+              </li>
+
+
+
+              <li class="">
+                  <a href="/sponsor/" title="Sponsor page">
+                  Sponsor
+                </a>
+              </li>
+
+
+          <li id="search-menu">
+            <a class="toggler" href="#">
+              <img height="20" width="20" src="/img/search.svg" alt="Search icon"/>
+            </a>
+
+            <form data-no-csrf action="/search">
+              <input type="text" name="q" placeholder="Search ..." style="width: 100%" />
+            </form>
+          </li>
+        </ul>
+      </nav>
+      <div class="download-button">
+        <a id="cta-download" href="/download/" class="button button--orange">Download</a>
+      </div>
+      <div class="social-links header-social">
+        <ul class="flex ai-c no-list-style m-10 px-20">
+          <li>
+            <a href="https://github.com/zaproxy" aria-label="Go to ZAP's GitHub repo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.36 18.88"><path d="M9.68 0a9.68 9.68 0 0 0-3.06 18.86c.48.09.64-.21.64-.46v-1.8C4.57 17.18 4 15.45 4 15.45A2.57 2.57 0 0 0 2.93 14c-.88-.6.07-.59.07-.59a2 2 0 0 1 1.48 1 2.06 2.06 0 0 0 2.82.8A2 2 0 0 1 7.91 14c-2.15-.29-4.41-1.12-4.41-4.83a3.72 3.72 0 0 1 1-2.59A3.53 3.53 0 0 1 4.59 4s.82-.26 2.67 1a9 9 0 0 1 4.84 0c1.9-1.25 2.66-1 2.66-1a3.49 3.49 0 0 1 .1 2.57 3.71 3.71 0 0 1 1 2.59c0 3.72-2.26 4.54-4.42 4.78a2.3 2.3 0 0 1 .67 1.79v2.67c0 .25.15.56.64.46A9.68 9.68 0 0 0 9.68 0z" fill="#00549e"/></svg></a>
+          </li>
+          <li>
+              <a href="https://twitter.com/zaproxy" aria-label="Follow ZAP on Twitter"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.36 15.73"><path d="M19.36 1.86a8 8 0 0 1-2.28.63 3.94 3.94 0 0 0 1.74-2.2 7.53 7.53 0 0 1-2.52 1 4 4 0 0 0-6.77 3.59A11.29 11.29 0 0 1 1.35.73 4 4 0 0 0 2.58 6a3.91 3.91 0 0 1-1.8-.5A4 4 0 0 0 4 9.48a4 4 0 0 1-1.79.06 4 4 0 0 0 3.67 2.76A8 8 0 0 1 0 14a11.32 11.32 0 0 0 6.09 1.78A11.24 11.24 0 0 0 17.38 3.92a8.08 8.08 0 0 0 1.98-2.06z" fill="#00549e"/></svg></a>
+          </li>
+        </ul>
+      </div>
+    </div>
+
+
+  </div>
+</header>
+
+
+<section class="bolt-header">
+  <div class="wrapper py-20">
+
+      <h1 class="text--white">Alert Tag:  CWE-326</h1>
+
+  </div>
+</section>
+  <div class="wrapper py-70">
+    <header class="breadcrumbs">
+        <a href="/alerttags/">Alert Tags</a> &gt;
+
+        <a href="/alerttags/cwe-326">CWE-326</a>
+
+    </header>
+
+
+
+
+
+        <h4><a href="https://cwe.mitre.org/data/definitions/326.html">https://cwe.mitre.org/data/definitions/326.html</a></h4>
+
+      All of the alerts which use this tag:
+
+
+   <div class="flex latest-versions">
+      <table data-sort-filter>
+         <thead>
+            <tr>
+               <th>Tag</th>
+               <th>Link</th>
+            </tr>
+         </thead>
+         <tbody>
+
+
+               <tr>
+                  <td><a href="/docs/alerts/10105-2/">Weak Authentication Method</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+         </tbody>
+      </table>
+   </div>
+  </div>
+
+ </div>
+  <footer class="site-footer py-20 mt-20">
+  <div class="wrapper flex jc-sb">
+    <div class="flex ai-c">
+    <div class="footer-logo"><svg xmlns="http://www.w3.org/2000/svg" width="55px" viewBox="0 0 77.58 77.61"><path d="M49.48 21.64a3.46 3.46 0 0 1 .44 3 3.38 3.38 0 0 1-2.16 2.14l-1.17.38 10.74 13.56a3.39 3.39 0 0 1-1.83 5.41l-2 .5L68 65A37.78 37.78 0 0 0 39.85 2c-1.34 0-2.66.07-4 .2zM23.33 48.26a3.4 3.4 0 0 1 .45-6.09L25 41.7l-13.81-10a3.4 3.4 0 0 1 .62-5.86l.2-.09-5.47-3.84a37.79 37.79 0 0 0 55.32 48.6z" fill="#fff"/><path d="M67.84 69.48L49 45.59a.55.55 0 0 1 .28-.87l5.55-1.36a.58.58 0 0 0 .23-.13.48.48 0 0 0 .09-.11.62.62 0 0 0 .08-.24.58.58 0 0 0 0-.26.54.54 0 0 0-.07-.13L42.29 26.37a.75.75 0 0 1-.07-.12.55.55 0 0 1 .31-.74l4.35-1.4a.54.54 0 0 0 .26-.83L30.92.22a.5.5 0 0 0-.61-.22L.32 13a.55.55 0 0 0-.1.94l16.72 11.88a.52.52 0 0 1 .22.49.45.45 0 0 1-.09.26.48.48 0 0 1-.09.11l-.13.08-3.93 1.72a.55.55 0 0 0-.29.31v.13a.59.59 0 0 0 .22.5l8.62 6.22 8.61 6.21a.55.55 0 0 1 0 .87.57.57 0 0 1-.13.08l-5.11 2a.55.55 0 0 0-.28.75.56.56 0 0 0 .21.22l42.43 24.5a.53.53 0 0 0 .64-.79z" fill="#fff"/></svg></div>
+    <div class="footer-left">
+      <nav class="footer-nav">
+        <ul class="flex">
+
+
+
+            <li class="ml-10"><a href="/" title="Home page">Home</a></li>
+
+
+
+            <li class="ml-10"><a href="/blog/" title="Blog page">Blog</a></li>
+
+
+
+            <li class="ml-10"><a href="/videos/" title="Videos page">Videos</a></li>
+
+
+
+            <li class="ml-10"><a href="/community/" title="Community page">Community</a></li>
+
+
+
+            <li class="ml-10"><a href="/sponsor/" title="Sponsor page">Sponsor</a></li>
+
+
+
+            <li class="ml-10"><a href="/docs/statistics/" title="Statistics page">Statistics</a></li>
+
+
+        </ul>
+      </nav>
+
+    </div>
+  </div>
+
+    <div class="flex ai-c">
+      <span class="OutroFooter">
+      ZAP is part of <a href="https://softwaresecurityproject.org/">The Software Security Project</a><br>
+      © Copyright 2024 the ZAP Dev Team</br>
+      </span>
+      <ul class="flex footer-social">
+        <li>
+          <a href="https://github.com/zaproxy/" aria-label="Go to ZAP's GitHub repo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.36 18.88"><path d="M9.68 0a9.68 9.68 0 0 0-3.06 18.86c.48.09.64-.21.64-.46v-1.8C4.57 17.18 4 15.45 4 15.45A2.57 2.57 0 0 0 2.93 14c-.88-.6.07-.59.07-.59a2 2 0 0 1 1.48 1 2.06 2.06 0 0 0 2.82.8A2 2 0 0 1 7.91 14c-2.15-.29-4.41-1.12-4.41-4.83a3.72 3.72 0 0 1 1-2.59A3.53 3.53 0 0 1 4.59 4s.82-.26 2.67 1a9 9 0 0 1 4.84 0c1.9-1.25 2.66-1 2.66-1a3.49 3.49 0 0 1 .1 2.57 3.71 3.71 0 0 1 1 2.59c0 3.72-2.26 4.54-4.42 4.78a2.3 2.3 0 0 1 .67 1.79v2.67c0 .25.15.56.64.46A9.68 9.68 0 0 0 9.68 0z" fill="#00549e"/></svg></a>
+        </li>
+        <li>
+            <a href="https://twitter.com/zaproxy" aria-label="Follow ZAP on Twitter"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.36 15.73"><path d="M19.36 1.86a8 8 0 0 1-2.28.63 3.94 3.94 0 0 0 1.74-2.2 7.53 7.53 0 0 1-2.52 1 4 4 0 0 0-6.77 3.59A11.29 11.29 0 0 1 1.35.73 4 4 0 0 0 2.58 6a3.91 3.91 0 0 1-1.8-.5A4 4 0 0 0 4 9.48a4 4 0 0 1-1.79.06 4 4 0 0 0 3.67 2.76A8 8 0 0 1 0 14a11.32 11.32 0 0 0 6.09 1.78A11.24 11.24 0 0 0 17.38 3.92a8.08 8.08 0 0 0 1.98-2.06z" fill="#00549e"/></svg></a>
+        </li>
+      </ul>
+    </div>
+  </div>
+</footer>
+
+
+
+    <script src="/main.74aab8.js"></script>
+
+</div>
+</body>
+</html>
diff --git a/alerttags/cwe-326/index.xml b/alerttags/cwe-326/index.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+  <channel>
+    <title>CWE-326 on ZAP</title>
+    <link>/alerttags/cwe-326/</link>
+    <description>Recent content in CWE-326 on ZAP</description>
+    <generator>Hugo -- gohugo.io</generator>
+    <language>en-us</language>
+    <atom:link href="/alerttags/cwe-326/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Weak Authentication Method</title>
+      <link>/docs/alerts/10105-2/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/10105-2/</guid>
+      <description>HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.</description>
+    </item>
+  </channel>
+</rss>
diff --git a/alerttags/cwe-352/index.html b/alerttags/cwe-352/index.html
@@ -165,6 +165,12 @@ <h4><a href="https://cwe.mitre.org/data/definitions/352.html">https://cwe.mitre.
          <tbody>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/10202/">Absence of Anti-CSRF Tokens</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/90005-7/">Sec-Fetch-Dest Header Has an Invalid Value</a></td>
                   <td><a href=""></a></td>

diff --git a/alerttags/cwe-352/index.xml b/alerttags/cwe-352/index.xml
@@ -7,6 +7,13 @@
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
     <atom:link href="/alerttags/cwe-352/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Absence of Anti-CSRF Tokens</title>
+      <link>/docs/alerts/10202/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/10202/</guid>
+      <description>No Anti-CSRF tokens were found in a HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way.</description>
+    </item>
     <item>
       <title>Sec-Fetch-Dest Header Has an Invalid Value</title>
       <link>/docs/alerts/90005-7/</link>

diff --git a/alerttags/index.html b/alerttags/index.html
@@ -321,6 +321,12 @@ <h1 class="text--white">Alert Tags</h1>
                </tr>
 
 
+               <tr>
+                  <td><a href="/alerttags/cwe-326/">CWE-326</a></td>
+                  <td><a href="https://cwe.mitre.org/data/definitions/326.html">https://cwe.mitre.org/data/definitions/326.html</a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/alerttags/cwe-345/">CWE-345</a></td>
                   <td><a href="https://cwe.mitre.org/data/definitions/345.html">https://cwe.mitre.org/data/definitions/345.html</a></td>

diff --git a/alerttags/index.xml b/alerttags/index.xml
@@ -196,6 +196,13 @@
       <guid>/alerttags/cwe-319/</guid>
       <description></description>
     </item>
+    <item>
+      <title>CWE-326</title>
+      <link>/alerttags/cwe-326/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/alerttags/cwe-326/</guid>
+      <description></description>
+    </item>
     <item>
       <title>CWE-345</title>
       <link>/alerttags/cwe-345/</link>

diff --git a/alerttags/owasp_2017_a02/index.html b/alerttags/owasp_2017_a02/index.html
@@ -166,7 +166,13 @@ <h4><a href="https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentic
 
 
                <tr>
-                  <td><a href="/docs/alerts/10105/">Weak Authentication Method</a></td>
+                  <td><a href="/docs/alerts/10105-1/">Authentication Credentials Captured</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
+               <tr>
+                  <td><a href="/docs/alerts/10105-2/">Weak Authentication Method</a></td>
                   <td><a href=""></a></td>
                </tr>
 

diff --git a/alerttags/owasp_2017_a02/index.xml b/alerttags/owasp_2017_a02/index.xml
@@ -7,11 +7,18 @@
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
     <atom:link href="/alerttags/owasp_2017_a02/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Authentication Credentials Captured</title>
+      <link>/docs/alerts/10105-1/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/10105-1/</guid>
+      <description>An insecure authentication mechanism is in use. This allows an attacker on the network access to the userid and password of the authenticated user. For Basic Authentication, the attacker must merely monitor the network traffic until a Basic Authentication request is received, and then base64 decode the username and password.</description>
+    </item>
     <item>
       <title>Weak Authentication Method</title>
-      <link>/docs/alerts/10105/</link>
+      <link>/docs/alerts/10105-2/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
-      <guid>/docs/alerts/10105/</guid>
+      <guid>/docs/alerts/10105-2/</guid>
       <description>HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.</description>
     </item>
   </channel>

diff --git a/alerttags/owasp_2017_a03/index.html b/alerttags/owasp_2017_a03/index.html
@@ -177,6 +177,12 @@ <h4><a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_E
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/10105-1/">Authentication Credentials Captured</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/10095/">Backup File Disclosure</a></td>
                   <td><a href=""></a></td>
@@ -292,7 +298,7 @@ <h4><a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_E
 
 
                <tr>
-                  <td><a href="/docs/alerts/10105/">Weak Authentication Method</a></td>
+                  <td><a href="/docs/alerts/10105-2/">Weak Authentication Method</a></td>
                   <td><a href=""></a></td>
                </tr>