Insecure Redirect Chain

medium Web App Scanning Plugin ID 113219

Synopsis

Insecure Redirect Chain

Description

The scanner encountered one or more insecure redirects during the application crawl: at least one hop in the redirect chain is served over plain HTTP rather than HTTPS. That hop is neither encrypted nor authenticated, so an attacker positioned on the network path (a shared Wi-Fi network, a compromised router, a transparent proxy) can intercept the request, read anything it carries, and rewrite the Location header to send the user to a destination of their choosing, such as a phishing page or an HTTP-only copy of the site. A later hop that lands on HTTPS does not remove this exposure, because the attacker acts before it is reached.

Solution

Configure every redirect in the chain to point only at HTTPS URLs; where possible, redirect straight from the initial request to the final HTTPS destination instead of passing through intermediate HTTP hosts. Also send an HTTP Strict Transport Security (HSTS) header (Strict-Transport-Security: max-age=...) on the final HTTPS response. Browsers honour HSTS only when it arrives over HTTPS, so setting it on an HTTP response has no effect; once cached, it makes the browser upgrade later requests to HTTPS before they leave the machine, so the insecure first hop is not repeated on return visits.
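The check described above (walk the redirect chain, flag any redirect target that is not HTTPS, and confirm HSTS on the final HTTPS response) can be reproduced outside the scanner. The following is an added example written for this page, not Tenable's plugin code: the fetch(url) -> (status, headers) interface, the example.test hostnames and the two response tables are constructed for illustration. The live_fetch helper uses http.client so that redirects are not followed automatically and every hop stays visible.

```python
"""Walk a redirect chain and flag hops that are not served over HTTPS.

Added example for this plugin page; it is not Tenable's scanner code.
The fetcher interface (fetch(url) -> (status, headers)) and the sample
sites below are constructed for illustration.
"""
import sys
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def check_redirect_chain(start_url, fetch, max_hops=10):
    """Follow redirects from start_url and report on the chain.

    fetch(url) must return (status_code, headers_dict) for ONE request
    without following redirects itself, so every hop is observed.
    Returns a dict with:
      hops           every URL requested, in order (start_url first)
      insecure_hops  redirect targets reached over plain http://
      final_https    whether the last response came over HTTPS
      hsts_on_final  whether that final HTTPS response carried HSTS
    """
    hops = [start_url]
    url = start_url
    final_headers = {}
    for _ in range(max_hops + 1):
        status, headers = fetch(url)
        headers = {k.lower(): v for k, v in headers.items()}
        if status in REDIRECT_CODES and "location" in headers:
            # Location may be relative; resolve it against the current URL.
            url = urljoin(url, headers["location"])
            if url in hops:
                raise RuntimeError("redirect loop at %s" % url)
            hops.append(url)
            continue
        final_headers = headers
        break
    else:
        raise RuntimeError("redirect chain longer than %d hops" % max_hops)

    # The first hop is whatever the crawl started with (often http://);
    # the finding is about where the chain goes, so inspect hops[1:].
    insecure = [h for h in hops[1:] if urlsplit(h).scheme != "https"]
    final_https = urlsplit(hops[-1]).scheme == "https"
    # Browsers ignore HSTS received over plain HTTP, so it only counts
    # when the final response itself was delivered over HTTPS.
    hsts = final_https and "strict-transport-security" in final_headers
    return {
        "hops": hops,
        "insecure_hops": insecure,
        "final_https": final_https,
        "hsts_on_final": hsts,
    }


def live_fetch(url, timeout=10):
    """Single request via http.client; redirects are NOT followed."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    path = (p.path or "/") + ("?" + p.query if p.query else "")
    try:
        conn.request("GET", path, headers={"User-Agent": "redirect-chain-check"})
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


# Constructed responses standing in for two deployments of the same site.
INSECURE_SITE = {
    "http://example.test/": (301, {"Location": "http://www.example.test/"}),
    "http://www.example.test/": (302, {"Location": "/login"}),  # relative, still http
    "http://www.example.test/login": (301, {"Location": "https://www.example.test/login"}),
    "https://www.example.test/login": (200, {"Content-Type": "text/html"}),
}
FIXED_SITE = {
    "http://example.test/": (301, {"Location": "https://www.example.test/login"}),
    "https://www.example.test/login": (200, {
        "Content-Type": "text/html",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    }),
}


def table_fetch(table):
    """Offline fetcher that serves responses from a dict keyed by URL."""
    return lambda url: table[url]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = check_redirect_chain(sys.argv[1], live_fetch)
    else:
        report = check_redirect_chain("http://example.test/", table_fetch(INSECURE_SITE))
    for hop in report["hops"]:
        print("  " if hop == report["hops"][0] else "->", hop)
    print("insecure redirect targets:", report["insecure_hops"] or "none")
    print("HSTS on final HTTPS response:", report["hsts_on_final"])
```

Run with no arguments to see the constructed insecure chain reported (two http:// targets, no HSTS); pass a URL such as http://your-host/ to walk a real chain with live_fetch. The fixed table shows the shape the Solution asks for: one redirect straight to the HTTPS destination, and HSTS on that HTTPS response only.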

Plugin Details

Severity: Medium

ID: 113219

Type: remote

Family: SSL/TLS

Published: 5/16/2024

Updated: 11/14/2024

Scan Template: api, basic, config_audit, full, pci, quick, scan, ssl_tls

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CVSS Score Source: Tenable

Reference Information