secureCodeBox/secureCodeBox

scanners/zap/parser/__testFiles__/bodgeit.xml

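<?xml version="1.0"?>
<!--
SPDX-FileCopyrightText: the secureCodeBox authors

SPDX-License-Identifier: Apache-2.0
-->
<!--
The XML declaration above must stay the first thing in the file. With a comment in front of it,
a conforming parser rejects the document as not well-formed and only lenient parsers accept it.
-->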
<OWASPZAPReport version="2.11.1" generated="Tue, 1 Feb 2022 15:42:10">
    
        <!-- Edge-case site: name and host both start with "//" and carry no scheme, and the alerts
             list is empty. A consumer has to accept a site with zero alertitem children and should
             not assume that host is a bare hostname. -->
        <site name="//bodgeit.securecodebox-demo.svc" host="//bodgeit.securecodebox-demo.svc" port="80" ssl="false">
            <alerts>
                
            </alerts>
        </site>
    
    
        <!-- Site entry for cwiki.apache.org. The file name and the port-8080 site further down point
             at the bodgeit demo service, so this host is presumably third-party traffic that ended up
             in the report (confirm against the scan scope). Consumers should filter findings by host
             before triage. -->
        <site name="https://cwiki.apache.org" host="cwiki.apache.org" port="443" ssl="true">
            <alerts>
                
                    <alertitem>
                        <pluginid>100001</pluginid>
                        <alertRef>100001</alertRef>
                        <alert>Unexpected Content-Type was returned</alert>
                        <name>Unexpected Content-Type was returned</name>
                        <riskcode>1</riskcode>
                        <confidence>3</confidence>
                        <!-- riskdesc is the risk label followed by the confidence label in parentheses:
                             riskcode 1 reads as Low and confidence 3 reads as High in this item. -->
                        <riskdesc>Low (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <!-- desc is entity-escaped HTML. Once the XML is decoded it contains p elements,
                             so escape or sanitise it before rendering it in a findings UI. -->
                        <desc>&lt;p&gt;A Content-Type of text/html was returned by the server.&lt;/p&gt;&lt;p&gt;This is not one of the types expected to be returned by an API.&lt;/p&gt;&lt;p&gt;Raised by the &apos;Alert on Unexpected Content Types&apos; script&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <uri>https://cwiki.apache.org/confluence/display/tomcat/FrontPage</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>https://cwiki.apache.org/tomcat/FrontPage</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                        </instances>
                        <!-- count equals the number of instance children above (2). -->
                        <count>2</count>
                        <solution></solution>
                        <otherinfo></otherinfo>
                        <reference></reference>
                        <!-- cweid and wascid are -1: presumably the marker for "no mapping". Verify that
                             the consumer does not report it as a real CWE or WASC id. -->
                        <cweid>-1</cweid>
                        <wascid>-1</wascid>
                        <sourceid>151</sourceid>
                    </alertitem>
                
            </alerts>
        </site>
    
    
        <!-- Site entry for wiki.apache.org over plain HTTP: the http scheme in name, port 80 and
             ssl="false" agree with each other. The host is not the bodgeit demo service named in the
             file path, so it is presumably out-of-scope traffic (confirm against the scan scope). -->
        <site name="http://wiki.apache.org" host="wiki.apache.org" port="80" ssl="false">
            <alerts>
                
                    <alertitem>
                        <pluginid>100001</pluginid>
                        <alertRef>100001</alertRef>
                        <alert>Unexpected Content-Type was returned</alert>
                        <name>Unexpected Content-Type was returned</name>
                        <riskcode>1</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Low (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <!-- Per its own text this alert is raised by a script that expects API content
                             types; a text/html wiki page is therefore a low-value hit. The body is
                             entity-escaped HTML and must be treated as untrusted markup when shown. -->
                        <desc>&lt;p&gt;A Content-Type of text/html was returned by the server.&lt;/p&gt;&lt;p&gt;This is not one of the types expected to be returned by an API.&lt;/p&gt;&lt;p&gt;Raised by the &apos;Alert on Unexpected Content Types&apos; script&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <uri>http://wiki.apache.org/tomcat/FrontPage</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                        </instances>
                        <count>1</count>
                        <!-- solution, otherinfo and reference are present but empty; a consumer should
                             map them to empty values rather than fail on missing text. -->
                        <solution></solution>
                        <otherinfo></otherinfo>
                        <reference></reference>
                        <!-- -1 looks like the "no mapping" marker for cweid and wascid; confirm it is not
                             turned into a CWE or WASC reference downstream. -->
                        <cweid>-1</cweid>
                        <wascid>-1</wascid>
                        <sourceid>139</sourceid>
                    </alertitem>
                
            </alerts>
        </site>
    
    
        <!-- Site entry for content-signature-2.cdn.mozilla.net. The single URI is a remote-settings
             content-signature chain file, which looks like browser background traffic rather than the
             application under test (confirm). Findings on such hosts are noise for the scan target and
             are best filtered out by host. -->
        <site name="https://content-signature-2.cdn.mozilla.net" host="content-signature-2.cdn.mozilla.net" port="443" ssl="true">
            <alerts>
                
                    <alertitem>
                        <pluginid>100001</pluginid>
                        <alertRef>100001</alertRef>
                        <alert>Unexpected Content-Type was returned</alert>
                        <name>Unexpected Content-Type was returned</name>
                        <riskcode>1</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Low (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <!-- Same alert as on the other sites, but the reported type is
                             binary/octet-stream; the evidence element below repeats that value. -->
                        <desc>&lt;p&gt;A Content-Type of binary/octet-stream was returned by the server.&lt;/p&gt;&lt;p&gt;This is not one of the types expected to be returned by an API.&lt;/p&gt;&lt;p&gt;Raised by the &apos;Alert on Unexpected Content Types&apos; script&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <uri>https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-03-01-08-35-12.chain</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>binary/octet-stream</evidence>
                                </instance>
                            
                        </instances>
                        <count>1</count>
                        <solution></solution>
                        <otherinfo></otherinfo>
                        <reference></reference>
                        <!-- cweid and wascid of -1: presumably "not classified"; verify the consumer
                             handles the negative value. -->
                        <cweid>-1</cweid>
                        <wascid>-1</wascid>
                        <sourceid>132</sourceid>
                    </alertitem>
                
            </alerts>
        </site>
    
    
        <site name="http://bodgeit.securecodebox-demo.svc:8080" host="bodgeit.securecodebox-demo.svc" port="8080" ssl="false">
            <alerts>
                
                    <!-- Missing CSP header finding on the bodgeit service: riskcode 2 (Medium) with
                         confidence 3 (High), four instances, mapped to CWE 693 and WASC 15. -->
                    <alertitem>
                        <pluginid>10038</pluginid>
                        <alertRef>10038</alertRef>
                        <alert>Content Security Policy (CSP) Header Not Set</alert>
                        <name>Content Security Policy (CSP) Header Not Set</name>
                        <riskcode>2</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Medium (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <!-- Entity-escaped HTML with a numeric character reference for the dash; decode
                             once and escape again before rendering. -->
                        <desc>&lt;p&gt;Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page &#x2014; covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.&lt;/p&gt;</desc>
                        <!-- Every instance has empty param, attack and evidence: the alert reports a
                             header that is not set, so there is nothing to quote from the response. -->
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence></evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence></evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence></evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence></evidence>
                                </instance>
                            
                        </instances>
                        <count>4</count>
                        <!-- NOTE(review): the solution text still recommends X-Content-Security-Policy and
                             X-WebKit-CSP. Those are legacy, deprecated header names; the standard
                             Content-Security-Policy header is the one to set. The text is scanner output
                             kept verbatim in this fixture and should not be reused as remediation advice. -->
                        <solution>&lt;p&gt;Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: &quot;Content-Security-Policy&quot; for Chrome 25+, Firefox 23+ and Safari 7+, &quot;X-Content-Security-Policy&quot; for Firefox 4.0+ and Internet Explorer 10+, and &quot;X-WebKit-CSP&quot; for Chrome 14+ and Safari 6+.&lt;/p&gt;</solution>
                        <otherinfo></otherinfo>
                        <!-- reference is a run of p-wrapped URLs, several of them plain http; a consumer
                             that turns them into links should treat them as untrusted input. -->
                        <reference>&lt;p&gt;https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy&lt;/p&gt;&lt;p&gt;https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html&lt;/p&gt;&lt;p&gt;http://www.w3.org/TR/CSP/&lt;/p&gt;&lt;p&gt;http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html&lt;/p&gt;&lt;p&gt;http://www.html5rocks.com/en/tutorials/security/content-security-policy/&lt;/p&gt;&lt;p&gt;http://caniuse.com/#feat=contentsecuritypolicy&lt;/p&gt;&lt;p&gt;http://content-security-policy.com/&lt;/p&gt;</reference>
                        <cweid>693</cweid>
                        <wascid>15</wascid>
                        <sourceid>13</sourceid>
                    </alertitem>
                
                
                    <!-- "Insecure HTTP Method - PUT" finding: riskcode 2 and confidence 2 (both Medium),
                         four instances, mapped to CWE 200 and WASC 45. -->
                    <alertitem>
                        <pluginid>90028</pluginid>
                        <alertRef>90028</alertRef>
                        <alert>Insecure HTTP Method - PUT</alert>
                        <name>Insecure HTTP Method - PUT</name>
                        <riskcode>2</riskcode>
                        <confidence>2</confidence>
                        <riskdesc>Medium (Medium)</riskdesc>
                        <confidencedesc>Medium</confidencedesc>
                        <!-- The misspelling and the doubled full stop in desc are part of the recorded
                             scanner output and are kept unchanged as fixture data. -->
                        <desc>&lt;p&gt;This method was originally intended for file managemant operations. It is now most commonly used in REST services, PUT is most-often utilized for **update** capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource..&lt;/p&gt;</desc>
                        <!-- NOTE(review): every instance records a 403 response, i.e. the PUT was refused.
                             The finding therefore shows that the method was answered, not that a write
                             succeeded, and needs manual confirmation before it is treated as Medium risk.
                             The last path segment of each URI looks randomly generated (presumably a probe
                             name chosen by the scanner). -->
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/m3icel4qks</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>response code 403 for potentially insecure HTTP METHOD</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/v95p352358</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>response code 403 for potentially insecure HTTP METHOD</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/1cpka1vqho</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>response code 403 for potentially insecure HTTP METHOD</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/othk2m9rl0</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>response code 403 for potentially insecure HTTP METHOD</evidence>
                                </instance>
                            
                        </instances>
                        <count>4</count>
                        <!-- solution is only the placeholder "TBA"; a report built from this item carries
                             no remediation text. -->
                        <solution>&lt;p&gt;TBA&lt;/p&gt;</solution>
                        <otherinfo>&lt;p&gt;See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods, for understanding REST operations see http://www.restapitutorial.com/lessons/httpmethods.html&lt;/p&gt;</otherinfo>
                        <!-- reference ends with an empty p element; a consumer that splits on p elements
                             should drop empty entries. -->
                        <reference>&lt;p&gt;http://projects.webappsec.org/Fingerprinting&lt;/p&gt;&lt;p&gt;&lt;/p&gt;</reference>
                        <cweid>200</cweid>
                        <wascid>45</wascid>
                        <sourceid>315</sourceid>
                    </alertitem>
                
                
                    <!-- Missing anti-clickjacking header finding: riskcode 2 and confidence 2 (both
                         Medium), one instance on the site root, mapped to CWE 1021 and WASC 15. -->
                    <alertitem>
                        <pluginid>10020</pluginid>
                        <alertRef>10020</alertRef>
                        <alert>Missing Anti-clickjacking Header</alert>
                        <name>Missing Anti-clickjacking Header</name>
                        <riskcode>2</riskcode>
                        <confidence>2</confidence>
                        <riskdesc>Medium (Medium)</riskdesc>
                        <confidencedesc>Medium</confidencedesc>
                        <desc>&lt;p&gt;The response does not include either Content-Security-Policy with &apos;frame-ancestors&apos; directive or X-Frame-Options to protect against &apos;ClickJacking&apos; attacks.&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>GET</method>
                                    <!-- param holds the name of the missing response header here, not a
                                         request parameter; attack and evidence stay empty. -->
                                    <param>X-Frame-Options</param>
                                    <attack></attack>
                                    <evidence></evidence>
                                </instance>
                            
                        </instances>
                        <count>1</count>
                        <!-- Remediation in short: set X-Frame-Options to SAMEORIGIN or DENY, or use the CSP
                             frame-ancestors directive. The text mixes apos and quot entities, so decode
                             it with an XML-aware parser rather than string replacement. -->
                        <solution>&lt;p&gt;Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.&lt;/p&gt;&lt;p&gt;If you expect the page to be framed only by pages on your server (e.g. it&apos;s part of a FRAMESET) then you&apos;ll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy&apos;s &quot;frame-ancestors&quot; directive.&lt;/p&gt;</solution>
                        <otherinfo></otherinfo>
                        <reference>&lt;p&gt;https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options&lt;/p&gt;</reference>
                        <cweid>1021</cweid>
                        <wascid>15</wascid>
                        <sourceid>13</sourceid>
                    </alertitem>
                
                
                    <!-- Server error response finding: riskcode 1 (Low) with confidence 3 (High), five
                         instances, mapped to CWE 388 and WASC 20. -->
                    <alertitem>
                        <pluginid>100000</pluginid>
                        <alertRef>100000</alertRef>
                        <alert>A Server Error response code was returned by the server</alert>
                        <name>A Server Error response code was returned by the server</name>
                        <riskcode>1</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Low (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <desc>&lt;p&gt;A response code of 501 was returned by the server.&lt;/p&gt;&lt;p&gt;This may indicate that the application is failing to handle unexpected input correctly.&lt;/p&gt;&lt;p&gt;Raised by the &apos;Alert on HTTP Response Code Error&apos; script&lt;/p&gt;</desc>
                        <!-- NOTE(review): all five instances are TRACK requests answered with 501, which
                             is the Not Implemented status. That reads as the server declining the method
                             rather than failing on input, so the alert is likely benign here. Each URI has
                             a random-looking suffix appended directly to the path, presumably added by the
                             scanner. -->
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/9WZL9</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 501</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml5DV53</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 501</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/apiR65NV</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 501</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt13S8Q</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 501</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xmlVXC3F</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 501</evidence>
                                </instance>
                            
                        </instances>
                        <!-- count equals the number of instance children above (5). -->
                        <count>5</count>
                        <!-- solution, otherinfo and reference are empty for this script-raised alert. -->
                        <solution></solution>
                        <otherinfo></otherinfo>
                        <reference></reference>
                        <cweid>388</cweid>
                        <wascid>20</wascid>
                        <sourceid>223</sourceid>
                    </alertitem>
                
                
                    <!-- Server banner disclosure finding: riskcode 1 (Low) with confidence 3 (High), four
                         instances, mapped to CWE 200 and WASC 13. -->
                    <alertitem>
                        <pluginid>10036</pluginid>
                        <alertRef>10036</alertRef>
                        <!-- alert and name contain quot entities; after decoding they hold literal double
                             quotes, which a consumer has to escape again when it writes JSON or HTML. -->
                        <alert>Server Leaks Version Information via &quot;Server&quot; HTTP Response Header Field</alert>
                        <name>Server Leaks Version Information via &quot;Server&quot; HTTP Response Header Field</name>
                        <riskcode>1</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Low (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <desc>&lt;p&gt;The web/application server is leaking version information via the &quot;Server&quot; HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.&lt;/p&gt;</desc>
                        <!-- evidence carries the observed header value, Apache-Coyote/1.1, identically on
                             all four instances. -->
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>Apache-Coyote/1.1</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>Apache-Coyote/1.1</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>Apache-Coyote/1.1</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>Apache-Coyote/1.1</evidence>
                                </instance>
                            
                        </instances>
                        <count>4</count>
                        <!-- Remediation per the scanner text: suppress the Server header or return only
                             generic details. -->
                        <solution>&lt;p&gt;Ensure that your web server, application server, load balancer, etc. is configured to suppress the &quot;Server&quot; header or provide generic details.&lt;/p&gt;</solution>
                        <otherinfo></otherinfo>
                        <!-- All reference URLs are plain http and point to third-party pages; treat them
                             as untrusted text if they are turned into links. -->
                        <reference>&lt;p&gt;http://httpd.apache.org/docs/current/mod/core.html#servertokens&lt;/p&gt;&lt;p&gt;http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007&lt;/p&gt;&lt;p&gt;http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx&lt;/p&gt;&lt;p&gt;http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html&lt;/p&gt;</reference>
                        <cweid>200</cweid>
                        <wascid>13</wascid>
                        <sourceid>13</sourceid>
                    </alertitem>
                
                
                    <alertitem>
                        <pluginid>100001</pluginid>
                        <alertRef>100001</alertRef>
                        <alert>Unexpected Content-Type was returned</alert>
                        <name>Unexpected Content-Type was returned</name>
                        <riskcode>1</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Low (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <desc>&lt;p&gt;A Content-Type of text/html was returned by the server.&lt;/p&gt;&lt;p&gt;This is not one of the types expected to be returned by an API.&lt;/p&gt;&lt;p&gt;Raised by the &apos;Alert on Unexpected Content Types&apos; script&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.DS_Store</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.env</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.git/config</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.htaccess</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.idea/WebServers.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.php_cs.cache</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.ssh/id_dsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.ssh/id_rsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.svn/entries</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/8732990967634790318</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/?-s</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/adminer.php</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/.env</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/.htaccess</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/8756109290027926951</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/8co5j/bl2sm</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/trace.axd</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/app/etc/local.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <!-- Triage note: the evidence is image/png for a .png path, so the declared type
                                     matches the resource. The enclosing alertitem is not visible at this point;
                                     presumably it is the "Unexpected Content-Type was returned" alert that opens
                                     the report (TODO confirm). If so, the instance is listed because image/png is
                                     not a type expected from an API, not because the type is wrong for the file.
                                     On a regular web application such static-asset instances are expected noise. -->
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/asf-logo.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/bg-button.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/bg-middle.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/bg-nav.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/bg-upper.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/CHANGELOG.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/clientaccesspolicy.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/composer.json</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/composer.lock</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/config/database.yml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/config/databases.yml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/core</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/crossdomain.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/CVS/root</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/DEADJOE</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/appdev/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/asf-feather.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/docs-stylesheet.css</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/css</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/fonts/fonts.css</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/css</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/fonts/OpenSans400.woff</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>application/x-font-woff</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/fonts/OpenSans400italic.woff</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>application/x-font-woff</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/fonts/OpenSans600.woff</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>application/x-font-woff</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/fonts/OpenSans700.woff</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>application/x-font-woff</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/images/tomcat.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/docs/jndi-datasource-examples-howto.html</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/elmah.axd</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/examples/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/favicon.ico</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/x-icon</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/filezilla.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/host-manager/html</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/id_dsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/id_rsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/key.pem</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/lfm.php</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/manager/html</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/manager/status</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/myserver.key</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/privatekey.key</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/8co5j/bl2sm</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/server-info</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/server-status</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/server.key</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sftp-config.json</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemanager.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/8co5j/bl2sm</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sites/default/files/.ht.sqlite</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sites/default/private/files/backup_migrate/scheduled/test.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/tomcat.css</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/css</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/tomcat.png</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>image/png</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/trace.axd</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/vim_settings.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/applicationContext.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/classes/8/0/37.class</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/classes/A/name.class</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/web.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/winscp.ini</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WS_FTP.ini</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>OPTIONS</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <!-- The query string here is scanner-generated probe input (PHP "-d" ini
                                         overrides for allow_url_include and auto_prepend_file sent via POST),
                                         not a URL the application itself exposes. The evidence value is just a
                                         media type (text/html), so this instance alone does not show that the
                                         overrides had any effect.
                                         NOTE(review): the enclosing alertitem starts outside this excerpt;
                                         confirm which alert this instance belongs to before triaging it. -->
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/m3icel4qks</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/v95p352358</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/1cpka1vqho</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/othk2m9rl0</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/9WZL9</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml5DV53</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/apiR65NV</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt13S8Q</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xmlVXC3F</uri>
                                    <method>TRACK</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>text/html</evidence>
                                </instance>
                            
                        </instances>
                        <count>105</count>
                        <solution></solution>
                        <otherinfo></otherinfo>
                        <reference></reference>
                        <cweid>-1</cweid>
                        <wascid>-1</wascid>
                        <sourceid>13</sourceid>
                    </alertitem>
                
                
                    <alertitem>
                        <!-- ZAP alert 10021: the response did not set X-Content-Type-Options to
                             'nosniff'. One instance is recorded, a GET on the site root, with the
                             missing header name in <param>. <attack> and <evidence> are empty,
                             presumably because the finding comes from observing a response rather
                             than from sending a payload (confirm against the ZAP rule).
                             riskcode 1 and confidence 2 are the numeric forms of riskdesc
                             "Low (Medium)" and confidencedesc "Medium".
                             cweid 693 is CWE-693 (Protection Mechanism Failure); wascid 15 is
                             WASC-15 (Application Misconfiguration).
                             desc, solution, otherinfo and reference carry entity-escaped HTML
                             (<p> markup). A consumer that unescapes these fields and renders them
                             should treat the result as untrusted markup and sanitize or re-encode
                             it before display. -->
                        <pluginid>10021</pluginid>
                        <alertRef>10021</alertRef>
                        <alert>X-Content-Type-Options Header Missing</alert>
                        <name>X-Content-Type-Options Header Missing</name>
                        <riskcode>1</riskcode>
                        <confidence>2</confidence>
                        <riskdesc>Low (Medium)</riskdesc>
                        <confidencedesc>Medium</confidencedesc>
                        <desc>&lt;p&gt;The Anti-MIME-Sniffing header X-Content-Type-Options was not set to &apos;nosniff&apos;. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>GET</method>
                                    <param>X-Content-Type-Options</param>
                                    <attack></attack>
                                    <evidence></evidence>
                                </instance>
                            
                        </instances>
                        <count>1</count>
                        <solution>&lt;p&gt;Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to &apos;nosniff&apos; for all web pages.&lt;/p&gt;&lt;p&gt;If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.&lt;/p&gt;</solution>
                        <otherinfo>&lt;p&gt;This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.&lt;/p&gt;&lt;p&gt;At &quot;High&quot; threshold this scan rule will not alert on client or server error responses.&lt;/p&gt;</otherinfo>
                        <reference>&lt;p&gt;http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx&lt;/p&gt;&lt;p&gt;https://owasp.org/www-community/Security_Headers&lt;/p&gt;</reference>
                        <cweid>693</cweid>
                        <wascid>15</wascid>
                        <sourceid>13</sourceid>
                    </alertitem>
                
                
                    <alertitem>
                        <pluginid>100000</pluginid>
                        <alertRef>100000</alertRef>
                        <alert>A Client Error response code was returned by the server</alert>
                        <name>A Client Error response code was returned by the server</name>
                        <riskcode>0</riskcode>
                        <confidence>3</confidence>
                        <riskdesc>Informational (High)</riskdesc>
                        <confidencedesc>High</confidencedesc>
                        <desc>&lt;p&gt;A response code of 404 was returned by the server.&lt;/p&gt;&lt;p&gt;This may indicate that the application is failing to handle unexpected input correctly.&lt;/p&gt;&lt;p&gt;Raised by the &apos;Alert on HTTP Response Code Error&apos; script&lt;/p&gt;</desc>
                        <instances>
                            
                                <instance>
                                    <!-- Request for a well-known sensitive path (/.DS_Store). The evidence
                                         "HTTP/1.1 404" means the server answered Not Found, so this instance
                                         records that the path was requested, not that the file is exposed.
                                         The enclosing alert is Informational (riskcode 0). The sibling
                                         instances for /.env, /.git/config and /.ssh/id_rsa carry the same
                                         404 evidence and read the same way. -->
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.DS_Store</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.env</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.git/config</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.htaccess</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.idea/WebServers.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.php_cs.cache</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.ssh/id_dsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.ssh/id_rsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/.svn/entries</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/8732990967634790318</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/adminer.php</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/.env</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/.htaccess</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/8756109290027926951</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/8co5j/bl2sm</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/trace.axd</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/app/etc/local.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/CHANGELOG.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/clientaccesspolicy.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/composer.json</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/composer.lock</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/config/database.yml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/config/databases.yml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/core</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/crossdomain.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/CVS/root</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/DEADJOE</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/elmah.axd</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/filezilla.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/host-manager/html</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 401</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/id_dsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/id_rsa</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/key.pem</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/lfm.php</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/manager/html</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 401</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/manager/status</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 401</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/myserver.key</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/privatekey.key</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/8co5j/bl2sm</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/server-info</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/server-status</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/server.key</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sftp-config.json</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemanager.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/8co5j/bl2sm</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml?name=abc</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sites/default/files/.ht.sqlite</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sites/default/private/files/backup_migrate/scheduled/test.txt</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/trace.axd</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/vim_settings.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/applicationContext.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/classes/8/0/37.class</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/classes/A/name.class</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WEB-INF/web.xml</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/winscp.ini</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/WS_FTP.ini</uri>
                                    <method>GET</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>OPTIONS</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 405</evidence>
                                </instance>
                            
                            
                                <!-- The four POST instances below share the query string
                                     "-d allow_url_include=1 -d auto_prepend_file=php://input" (URL-encoded in the URI).
                                     NOTE(review): this looks like a scanner probe for PHP CGI argument injection; confirm against the ZAP rule that sent it.
                                     Each instance records only "HTTP/1.1 404" as evidence, so the fixture shows the probe being answered with Not Found, not a confirmed issue. -->
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input</uri>
                                    <method>POST</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 404</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/m3icel4qks</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 403</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml/v95p352358</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 403</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt/1cpka1vqho</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 403</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml/othk2m9rl0</uri>
                                    <method>PUT</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 403</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080</uri>
                                    <method>TRACE</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 405</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api</uri>
                                    <method>TRACE</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 405</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/api/swagger.yaml</uri>
                                    <method>TRACE</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 405</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/robots.txt</uri>
                                    <method>TRACE</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 405</evidence>
                                </instance>
                            
                            
                                <instance>
                                    <uri>http://bodgeit.securecodebox-demo.svc:8080/sitemap.xml</uri>
                                    <method>TRACE</method>
                                    <param></param>
                                    <attack></attack>
                                    <evidence>HTTP/1.1 405</evidence>
                                </instance>
                            
                        </instances>
                        <count>81</count>
                        <solution></solution>
                        <otherinfo></otherinfo>
                        <reference></reference>
                        <cweid>388</cweid>
                        <wascid>20</wascid>
                        <sourceid>279</sourceid>
                    </alertitem>
                
                
                    <!-- Fixture edge case: this alert has riskcode 2 (Medium) but confidence 0, which ZAP labels "False Positive",
                         together with an empty <instances> list and <count>0</count>.
                         Per <otherinfo>, it was raised because ZAP could not connect to the host over https on port 443.
                         NOTE(review): confirm the parser's expected output keeps the false-positive marking, so this entry
                         is not reported as an ordinary Medium finding. -->
                    <alertitem>
                        <pluginid>10106</pluginid>
                        <alertRef>10106</alertRef>
                        <alert>HTTP Only Site</alert>
                        <name>HTTP Only Site</name>
                        <riskcode>2</riskcode>
                        <confidence>0</confidence>
                        <riskdesc>Medium (False Positive)</riskdesc>
                        <confidencedesc>False Positive</confidencedesc>
                        <desc>&lt;p&gt;The site is only served under HTTP and not HTTPS.&lt;/p&gt;</desc>
                        <instances>
                            
                        </instances>
                        <count>0</count>
                        <solution>&lt;p&gt;Configure your web or application server to use SSL (https).&lt;/p&gt;</solution>
                        <otherinfo>&lt;p&gt;Failed to connect.&lt;/p&gt;&lt;p&gt;ZAP attempted to connect via: https://bodgeit.securecodebox-demo.svc:443&lt;/p&gt;</otherinfo>
                        <reference>&lt;p&gt;https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html&lt;/p&gt;&lt;p&gt;https://letsencrypt.org/&lt;/p&gt;</reference>
                        <cweid>311</cweid>
                        <wascid>4</wascid>
                        <sourceid>206</sourceid>
                    </alertitem>
                
            </alerts>
        </site>
</OWASPZAPReport>