UnveilScan

PCI-DSS 4.0 6.2.4

Common coding vulnerabilities

UnveilScan findings mapped to this control

The scanner emits 2 distinct findings on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, BIND DNS, web-server config).

web.auth_header_reflection ⏱ 1h

WEB — Auth header reflection

Risk if ignored: potential WAF bypass. Crafted X-Forwarded-User or X-Original-URL headers reach the backend intact, enabling impersonation or ACL bypass.

security

Also maps to 1 other control
web.http_trace_enabled ⏱ 15 min

WEB — HTTP TRACE enabled

Risk if ignored: classic cross-site tracing (XST). Compromised or malicious same-origin JavaScript can read HttpOnly cookies by issuing an XHR TRACE request, since the server echoes the request headers back in the response body.

security

Also maps to 1 other control