Merge pull request #2785 from zapbot/update-alerts

thc202 · web-flow · commit 38d8825651fc · 2024-09-03T13:38:51.000+01:00
Update alert pages
diff --git a/site/content/docs/alerts/10004.md b/site/content/docs/alerts/10004.md
@@ -0,0 +1,22 @@
+---
+title: "Tech Detected - Apache HTTP Server"
+alertid: 10004
+alertindex: 1000400
+alerttype: "Tool"
+alertcount: 1
+status: release
+type: alert
+risk: Informational
+solution: ""
+references:
+   - https://httpd.apache.org
+other: "The following CPE is associated with the identified tech: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* The following version(s) is/are associated with the identified tech: 2.4.7"
+cwe: 200
+wasc: 13
+alerttags: 
+  - CWE-200
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java
+linktext: "org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java"
+help: https://www.zaproxy.org/docs/desktop/addons/technology-detection/options/#10004
+---
+The following "Web servers" technology was identified: Apache HTTP Server.
diff --git a/site/content/docs/alerts/10094-1.md b/site/content/docs/alerts/10094-1.md
@@ -22,4 +22,4 @@ code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha
 linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/Base64Disclosure.java"
 help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/#id-10094
 ---
-An ASP.NET ViewState was disclosed by the application/web server
+An ASP.NET ViewState was disclosed by the application/web server.
diff --git a/site/content/docs/alerts/10094-2.md b/site/content/docs/alerts/10094-2.md
@@ -22,4 +22,4 @@ code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha
 linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/Base64Disclosure.java"
 help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/#id-10094
 ---
-The application does not use a Message Authentication Code (MAC) to protect the integrity of the ASP.NET ViewState, which can be tampered with by a malicious client
+The application does not use a Message Authentication Code (MAC) to protect the integrity of the ASP.NET ViewState, which can be tampered with by a malicious client.
diff --git a/site/content/docs/alerts/40015.md b/site/content/docs/alerts/40015.md
@@ -7,7 +7,7 @@ alertcount: 1
 status: alpha
 type: alert
 risk: High
-solution: "Validate and/or escape all user input before using it to create an LDAP query.  In particular, the following characters (or combinations) should be deny listed: & | ! < > = ~= >= <= * ( ) , + - \" ' ; \\ / NUL character  "
+solution: "Validate and/or escape all user input before using it to create an LDAP query.  In particular, the following characters (or combinations) should be deny listed: & | ! < > = ~= >= <= * ( ) , + - \" ' ; \\ / NUL character "
 references:
    - https://owasp.org/www-community/attacks/LDAP_Injection
    - https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
@@ -24,4 +24,4 @@ code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrulesAlpha
 linktext: "org/zaproxy/zap/extension/ascanrulesAlpha/LdapInjectionScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/#id-40015
 ---
-LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory. 
+LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
diff --git a/site/content/docs/alerts/40033.md b/site/content/docs/alerts/40033.md
@@ -7,7 +7,7 @@ alertcount: 1
 status: alpha
 type: alert
 risk: High
-solution: "Do not trust client side input and escape all data on the server side.  Avoid to use the query input directly into the where and group clauses and upgrade all drivers at the latest available version."
+solution: "Do not trust client side input and escape all data on the server side. Avoid to use the query input directly into the where and group clauses and upgrade all drivers at the latest available version."
 references:
    - https://arxiv.org/pdf/1506.04082.pdf
    - https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.html
diff --git a/site/content/docs/alerts/90039.md b/site/content/docs/alerts/90039.md
@@ -7,7 +7,7 @@ alertcount: 1
 status: alpha
 type: alert
 risk: High
-solution: "Do not trust client side input and escape all data on the server side.  Avoid to use the query input directly into the where and group clauses and upgrade all drivers at the latest available version."
+solution: "Do not trust client side input and escape all data on the server side. Avoid to use the query input directly into the where and group clauses and upgrade all drivers at the latest available version."
 references:
    - https://arxiv.org/pdf/1506.04082.pdf
    - https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.html
