ISO 27001:2022 A.5.15
Access control
UnveilScan findings mapped to this control
The scanner emits 1 distinct finding on this control.
web.auth_header_reflection
⏱ 1h
WEB — Auth header reflection
Risk if ignored: WAF bypass potential. Crafted X-Forwarded-User / X-Original-URL headers reach the backend intact, enabling impersonation or ACL skip.
security