From 621d6db19084c3f2856a34d5f0e845dfc9e9166e Mon Sep 17 00:00:00 2001 From: DashlordBetaGouvBot Date: Fri, 8 Dec 2023 09:31:10 +0000 Subject: [PATCH] update: https://cfas.apprentissage.beta.gouv.fr --- .../declaration-a11y.json | 2 +- .../declaration-rgpd.json | 2 +- .../http.json | 2 +- ...wcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html | 2 +- .../lhr.json | 2058 +++++++++-------- .../nmapvuln.gnmap | 4 +- .../nmapvuln.html | 2 +- .../nmapvuln.nmap | 6 +- .../nmapvuln.xml | 16 +- .../nuclei.json | 73 +- .../testssl.csv | 4 +- .../testssl.html | 8 +- .../testssl.json | 6 +- .../thirdparties.json | 4 +- .../updownio.json | 2 +- .../zap.html | 470 +++- .../zap.json | 222 +- 17 files changed, 1654 insertions(+), 1229 deletions(-) diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-a11y.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-a11y.json index 8044f28e135..1455f843978 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-a11y.json +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-a11y.json @@ -1 +1 @@ -{"mention":null} +{"mention":"Accessibilité : non conforme","declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/accessibilite"} diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-rgpd.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-rgpd.json index 8c2a3640b37..aff77904b3b 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-rgpd.json +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-rgpd.json 
@@ -1 +1 @@ -[{"slug":"ml","mention":"Mentions légales","maxScore":4,"score":4,"missingWords":[],"missingTrackers":[],"declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/mentions-legales"},{"slug":"pc","mention":"Politique de confidentialité","maxScore":4,"score":3,"missingWords":["durée de conservation"],"missingTrackers":[],"declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/politique-de-confidentialite"}] +[{"slug":"ml","mention":null,"maxScore":0,"score":0,"missingWords":[],"missingTrackers":[]},{"slug":"pc","mention":null,"maxScore":0,"score":0,"missingWords":[],"missingTrackers":[]}] diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/http.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/http.json index d028af26557..06cdcc3a646 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/http.json +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/http.json 
@@ -1 +1 @@ -{"url":"https://cfas.apprentissage.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 03 Dec 2023 20:58:06 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Cache-Control":"private, no-cache, no-store, max-age=0, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;","Content-Type":"text/html; charset=utf-8","Date":"Sun, 03 Dec 2023 20:58:03 GMT","ETag":"\"y82pp9mnreoo8\"","Referrer-Policy":"no-referrer-when-downgrade","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"},"scan_id":45161729,"score":105,"start_time":"Sun, 03 Dec 2023 20:54:47 
GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"base-uri":["'self'"],"block-all-mixed-content":["'none'"],"connect-src":["'self'","https://plausible.io","https://sentry.apprentissage.beta.gouv.fr"],"default-src":["'self'","https://plausible.io"],"font-src":["'self'","data:","https:"],"frame-ancestors":["'self'","https://cfas.apprentissage.beta.gouv.fr"],"frame-src":["'self'","https://cfas-recette.apprentissage.beta.gouv.fr","https://plausible.io","https://cfas.apprentissage.beta.gouv.fr"],"img-src":["https://www.notion.so","https://mission-apprentissage.notion.site","https://files.tableau-de-bord.apprentissage.beta.gouv.fr","'self'","data:"],"object-src":["'none'"],"script-src":["'self'","https://plausible.io"],"script-src-attr":["'none'"],"style-src":["'self'","'unsafe-inline'","https:","*.plausible.io"],"upgrade-insecure-requests":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":true,"defaultNone":false,"insecureBaseUri":false,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. 
This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://cfas.apprentissage.beta.gouv.fr/","redirects":true,"route":["http://cfas.apprentissage.beta.gouv.fr/","https://cfas.apprentissage.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is 
HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer-when-downgrade","http":true,"meta":false},"pass":true,"result":"referrer-policy-no-referrer-when-downgrade","score_description":"Referrer-Policy header set to \"no-referrer-when-downgrade\"","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000; includeSubdomains","includeSubDomains":true,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-implemented-via-csp","score_description":"X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive","score_modifier":5},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong 
Content Security Policy (CSP) header","score_modifier":0}}} \ No newline at end of file +{"url":"https://cfas.apprentissage.beta.gouv.fr","algorithm_version":2,"end_time":"Fri, 08 Dec 2023 09:11:56 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Cache-Control":"private, no-cache, no-store, max-age=0, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;","Content-Type":"text/html; charset=utf-8","Date":"Fri, 08 Dec 2023 09:11:54 GMT","ETag":"\"v1isj11xdjoo8\"","Referrer-Policy":"no-referrer-when-downgrade","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"},"scan_id":45314506,"score":105,"start_time":"Fri, 08 Dec 2023 09:11:51 
GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"base-uri":["'self'"],"block-all-mixed-content":["'none'"],"connect-src":["https://sentry.apprentissage.beta.gouv.fr","https://plausible.io","'self'"],"default-src":["https://plausible.io","'self'"],"font-src":["https:","data:","'self'"],"frame-ancestors":["https://cfas.apprentissage.beta.gouv.fr","'self'"],"frame-src":["https://cfas.apprentissage.beta.gouv.fr","https://cfas-recette.apprentissage.beta.gouv.fr","https://plausible.io","'self'"],"img-src":["data:","https://files.tableau-de-bord.apprentissage.beta.gouv.fr","https://www.notion.so","https://mission-apprentissage.notion.site","'self'"],"object-src":["'none'"],"script-src":["https://plausible.io","'self'"],"script-src-attr":["'none'"],"style-src":["https:","'unsafe-inline'","*.plausible.io","'self'"],"upgrade-insecure-requests":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":true,"defaultNone":false,"insecureBaseUri":false,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. 
This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://cfas.apprentissage.beta.gouv.fr/","redirects":true,"route":["http://cfas.apprentissage.beta.gouv.fr/","https://cfas.apprentissage.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is 
HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer-when-downgrade","http":true,"meta":false},"pass":true,"result":"referrer-policy-no-referrer-when-downgrade","score_description":"Referrer-Policy header set to \"no-referrer-when-downgrade\"","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000; includeSubdomains","includeSubDomains":true,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-implemented-via-csp","score_description":"X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive","score_modifier":5},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong 
Content Security Policy (CSP) header","score_modifier":0}}} \ No newline at end of file diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/lhr-aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/lhr-aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html index 845f078ee84..e5f00637ed9 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/lhr-aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/lhr-aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html @@ -28,7 +28,7 @@
- +
Loading...
", + "ip": "141.95.161.225", + "timestamp": "2023-12-08T09:16:14.259399886Z", + "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, { @@ -70,9 +99,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr", "request": "GET / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n", - "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 04 Dec 2023 16:27:18 GMT\r\nEtag: \"5lbmohkl51oo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", + "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 08 Dec 2023 09:16:28 GMT\r\nEtag: \"10a61ieq5gmoo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:18.064836316Z", + "timestamp": "2023-12-08T09:16:28.813213281Z", "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, @@ -109,9 +138,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr", "request": "GET / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n", - "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 04 Dec 2023 16:27:18 GMT\r\nEtag: \"5lbmohkl51oo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", + "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 08 Dec 2023 09:16:28 GMT\r\nEtag: \"10a61ieq5gmoo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:18.064882532Z", + "timestamp": "2023-12-08T09:16:28.813263896Z", "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, @@ -148,9 +177,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr", "request": "GET / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n", - "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 04 Dec 2023 16:27:18 GMT\r\nEtag: \"5lbmohkl51oo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", + "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 08 Dec 2023 09:16:28 GMT\r\nEtag: \"10a61ieq5gmoo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:18.06490286Z", + "timestamp": "2023-12-08T09:16:28.813280317Z", "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, @@ -187,9 +216,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr", "request": "GET / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n", - "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 04 Dec 2023 16:27:18 GMT\r\nEtag: \"5lbmohkl51oo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", + "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 08 Dec 2023 09:16:28 GMT\r\nEtag: \"10a61ieq5gmoo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:18.064916986Z", + "timestamp": "2023-12-08T09:16:28.813295585Z", "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, @@ -226,9 +255,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr", "request": "GET / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n", - "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 04 Dec 2023 16:27:18 GMT\r\nEtag: \"5lbmohkl51oo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", + "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 08 Dec 2023 09:16:28 GMT\r\nEtag: \"10a61ieq5gmoo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:18.064934449Z", + "timestamp": "2023-12-08T09:16:28.813310362Z", "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, @@ -265,9 +294,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr", "request": "GET / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n", - "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 04 Dec 2023 16:27:18 GMT\r\nEtag: \"5lbmohkl51oo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", + "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private, no-cache, no-store, max-age=0, must-revalidate\r\nContent-Security-Policy: default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;\r\nContent-Type: text/html; charset=utf-8\r\nDate: Fri, 08 Dec 2023 09:16:28 GMT\r\nEtag: \"10a61ieq5gmoo9\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n
Loading...
", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:18.064947443Z", + "timestamp": "2023-12-08T09:16:28.813323637Z", "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr'", "matcher-status": true }, @@ -307,9 +336,9 @@ "host": "https://cfas.apprentissage.beta.gouv.fr", "matched-at": "https://cfas.apprentissage.beta.gouv.fr/", "request": "POST / HTTP/1.1\r\nHost: cfas.apprentissage.beta.gouv.fr\r\nUser-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)\r\nConnection: close\r\nContent-Length: 27\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip\r\n\r\n_=", - "response": "HTTP/1.1 429 Too Many Requests\r\nConnection: close\r\nContent-Length: 162\r\nContent-Type: text/html\r\nDate: Mon, 04 Dec 2023 16:27:39 GMT\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n\r\n429 Too Many Requests\r\n\r\n

429 Too Many Requests

\r\n
nginx
\r\n\r\n\r\n", + "response": "HTTP/1.1 429 Too Many Requests\r\nConnection: close\r\nContent-Length: 162\r\nContent-Type: text/html\r\nDate: Fri, 08 Dec 2023 09:17:07 GMT\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n\r\n429 Too Many Requests\r\n\r\n

429 Too Many Requests

\r\n
nginx
\r\n\r\n\r\n", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:39.844782794Z", + "timestamp": "2023-12-08T09:17:07.26542986Z", "curl-command": "curl -X 'POST' -d '_=' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Host: cfas.apprentissage.beta.gouv.fr' -H 'User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)' 'https://cfas.apprentissage.beta.gouv.fr/'", "matcher-status": true }, @@ -360,7 +389,7 @@ ], "response": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n", "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:27:59.731205311Z", + "timestamp": "2023-12-08T09:17:40.284991333Z", "matcher-status": true }, { @@ -389,7 +418,7 @@ "Let's Encrypt" ], "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:28:01.323769251Z", + "timestamp": "2023-12-08T09:17:43.103790075Z", "matcher-status": true }, { @@ -418,7 +447,7 @@ "cfas.apprentissage.beta.gouv.fr" ], "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:28:01.323888524Z", + "timestamp": "2023-12-08T09:17:43.103906442Z", "matcher-status": true }, { @@ -448,7 +477,7 @@ "tls12" ], "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:28:03.45517319Z", + "timestamp": "2023-12-08T09:17:45.954006362Z", "matcher-status": true }, { @@ -478,7 +507,7 @@ "tls13" ], "ip": "141.95.161.225", - "timestamp": "2023-12-04T16:28:03.646954298Z", + "timestamp": "2023-12-08T09:17:46.277160024Z", "matcher-status": true } ] diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.csv b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.csv index d09d9d329ca..cc98b8e59db 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.csv +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.csv 
@@ -48,7 +48,7 @@
 "cert_trust","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","Ok via SAN and CN (same w/o SNI)","",""
 "cert_chain_of_trust","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","passed.","",""
 "cert_certificatePolicies_EV","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","no","",""
-"cert_expirationStatus","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","61 >= 30 days","",""
+"cert_expirationStatus","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","57 >= 30 days","",""
 "cert_notBefore","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","2023-11-06 00:00","",""
 "cert_notAfter","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","2024-02-04 00:00","",""
 "cert_extlifeSpan","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","certificate has no extended life time according to browser forum","",""
@@ -77,7 +77,7 @@
 "intermediate_cert_badOCSP","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","intermediate certificate(s) is/are ok","",""
 "HTTP_status_code","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","200 OK ('/')","",""
 "HTTP_clock_skew","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","0 seconds from localtime","",""
-"HTTP_headerTime","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","1701707119","",""
+"HTTP_headerTime","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","1702026824","",""
 "HSTS_time","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","365 days (=31536000 seconds) > 15552000 seconds","",""
 "HSTS_subdomains","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","OK","includes subdomains","",""
 "HSTS_preload","cfas.apprentissage.beta.gouv.fr/141.95.161.225","443","INFO","domain is NOT marked for preloading","",""
diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.html b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.html index e911c9500c6..0f16a34ad0c 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.html +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.html @@ -21,11 +21,11 @@ ########################################################### Using "OpenSSL 1.0.2-bad (1.0.2k-dev)" [~183 ciphers] - on fv-az1152-403:/home/testssl/bin/openssl.Linux.x86_64 + on fv-az695-46:/home/testssl/bin/openssl.Linux.x86_64 (built: "Sep 1 14:03:44 2022", platform: "linux-x86_64") - Start 2023-12-04 16:24:55 -->> 141.95.161.225:443 (cfas.apprentissage.beta.gouv.fr) <<-- + Start 2023-12-08 09:12:47 -->> 141.95.161.225:443 (cfas.apprentissage.beta.gouv.fr) <<-- rDNS (141.95.161.225): vps-9b4d259a.vps.ovh.net. Service detected: HTTP @@ -107,7 +107,7 @@ Trust (hostname) Ok via SAN and CN (same w/o SNI) Chain of trust Ok EV cert (experimental) no - Certificate Validity (UTC) 61 >= 30 days (2023-11-06 00:00 --> 2024-02-04 00:00) + Certificate Validity (UTC) 57 >= 30 days (2023-11-06 00:00 --> 2024-02-04 00:00) ETS/"eTLS", visibility info not present Certificate Revocation List -- OCSP URI http://r3.o.lencr.org @@ -233,7 +233,7 @@ Final Score 96 Overall Grade A+ - Done 2023-12-04 16:25:49 [ 56s] -->> 141.95.161.225:443 (cfas.apprentissage.beta.gouv.fr) <<-- + Done 2023-12-08 09:14:26 [ 101s] -->> 141.95.161.225:443 (cfas.apprentissage.beta.gouv.fr) <<-- diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.json index a4fd6ac9de8..3b72fdeaf5d 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.json +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/testssl.json 
@@ -353,7 +353,7 @@ "ip" : "cfas.apprentissage.beta.gouv.fr/141.95.161.225", "port" : "443", "severity" : "OK", - "finding" : "61 >= 30 days" + "finding" : "57 >= 30 days" } , { "id" : "cert_notBefore", @@ -556,7 +556,7 @@ "ip" : "cfas.apprentissage.beta.gouv.fr/141.95.161.225", "port" : "443", "severity" : "INFO", - "finding" : "1701707119" + "finding" : "1702026824" } , { "id" : "HSTS_time", @@ -1147,6 +1147,6 @@ "ip" : "cfas.apprentissage.beta.gouv.fr/141.95.161.225", "port" : "443", "severity" : "INFO", - "finding" : "56" + "finding" : "101" } ] diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/thirdparties.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/thirdparties.json index c04a2962c96..a13d96ca904 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/thirdparties.json +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/thirdparties.json 
@@ -7,8 +7,8 @@
 "content-encoding": "gzip",
 "content-security-policy": "default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;",
 "content-type": "text/html; charset=utf-8",
- "date": "Mon, 04 Dec 2023 16:24:18 GMT",
- "etag": "\"lvnn1rffbpoo9\"",
+ "date": "Fri, 08 Dec 2023 09:12:26 GMT",
+ "etag": "\"61gxl56m4moo9\"",
 "referrer-policy": "no-referrer-when-downgrade",
 "strict-transport-security": "max-age=31536000; includeSubdomains",
 "transfer-encoding": "chunked",
diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/updownio.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/updownio.json
index 0361078450d..5c050e1ef60 100644
--- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/updownio.json
+++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/updownio.json
@@ -1 +1 @@ -{"token":"0dzj","url":"https://cfas.apprentissage.beta.gouv.fr","alias":null,"last_status":200,"uptime":100,"down":false,"down_since":null,"error":null,"period":3600,"apdex_t":0.5,"string_match":"","enabled":true,"published":false,"disabled_locations":[],"recipients":["email:3896582286","slack_compatible:4124784183","webhook:3682878135"],"last_check_at":"2023-12-04T16:18:51Z","next_check_at":"2023-12-04T17:18:27Z","mute_until":"forever","favicon_url":"https://cfas.apprentissage.beta.gouv.fr/favicon.ico","custom_headers":{},"http_verb":"GET/HEAD","http_body":"","ssl":{"tested_at":"2023-12-04T14:19:44Z","expires_at":"2024-02-04T00:00:14Z","valid":true,"error":null},"metrics":{},"uptimeGrade":"A"} \ No newline at end of file +{"token":"0dzj","url":"https://cfas.apprentissage.beta.gouv.fr","alias":null,"last_status":200,"uptime":100,"down":false,"down_since":null,"error":null,"period":3600,"apdex_t":0.5,"string_match":"","enabled":true,"published":false,"disabled_locations":[],"recipients":["email:3896582286","slack_compatible:4124784183","webhook:3682878135"],"last_check_at":"2023-12-08T08:53:13Z","next_check_at":"2023-12-08T09:52:44Z","mute_until":"forever","favicon_url":"https://cfas.apprentissage.beta.gouv.fr/favicon.ico","custom_headers":{},"http_verb":"GET/HEAD","http_body":"","ssl":{"tested_at":"2023-12-08T07:53:46Z","expires_at":"2024-02-04T00:00:14Z","valid":true,"error":null},"metrics":{"apdex":1,"timings":{"redirect":0,"namelookup":201,"connection":110,"handshake":116,"response":202,"total":629}},"uptimeGrade":"A","apdexGrade":"A"} \ No newline at end of file diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.html b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.html index ad7a309e4ad..2946f1e4d6e 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.html +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.html @@ -127,7 +127,7 @@

- Generated on Mon, 4 Dec 2023 16:23:37 + Generated on Fri, 8 Dec 2023 09:11:23

@@ -255,7 +255,7 @@

Alerts

Information Disclosure - Suspicious Comments Informational - 12 + 19 Modern Web Application @@ -275,22 +275,22 @@

Alerts

Sec-Fetch-Dest Header is Missing Informational - 3 + 4 Sec-Fetch-Mode Header is Missing Informational - 3 + 4 Sec-Fetch-Site Header is Missing Informational - 3 + 4 Sec-Fetch-User Header is Missing Informational - 3 + 4 Session Management Response Identified @@ -300,7 +300,7 @@

Alerts

Storable and Cacheable Content Informational - 8 + 7 Storable but Non-Cacheable Content @@ -1266,7 +1266,7 @@

Alert Detail

URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-71eb2bb35242e6cd.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js Alert Detail URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/973-70007a5613e3b195.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/framework-0e91cc6ba5b64b05.js Alert Detail URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-ca37d3d155c57524.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-d9fdc7b5eb00ffc5.js Alert Detail Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ @@ -2877,18 +2877,18 @@

Alert Detail

Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-ca37d3d155c57524.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-d9fdc7b5eb00ffc5.js Alert Detail URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/6669-db93da49576237d2.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/6669-d87aa4739491dc9d.js Alert Detail Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ @@ -3145,18 +3145,18 @@

Alert Detail

Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ URL - https://cfas.apprentissage.beta.gouv.fr/mot-de-passe-oublie + https://cfas.apprentissage.beta.gouv.fr/modifier-mot-de-passe Alert Detail Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ @@ -3207,12 +3207,12 @@

Alert Detail

Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ @@ -3238,12 +3238,12 @@

Alert Detail

Evidence - /_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest + /_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest Other Info - �����쵫bs�5��!PB��c5�G������'޲ + �����쵫bs�uG�舴f{�ϗ�^�������'޲ @@ -3411,7 +3411,7 @@

Alert Detail

Other Info - The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"auth":null,"_sentryTraceData":"14cfbe9280e24a6ebf1e66", see evidence field for the suspicious comment/snippet. + The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"auth":null,"_sentryTraceData":"0405fc863b61432aaf2b0c", see evidence field for the suspicious comment/snippet. @@ -3442,7 +3442,7 @@

Alert Detail

Other Info - The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"auth":null,"_sentryTraceData":"fc031bbbbda1426584a4a2", see evidence field for the suspicious comment/snippet. + The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"auth":null,"_sentryTraceData":"f4c9cd42656c4ecebad796", see evidence field for the suspicious comment/snippet. @@ -3473,13 +3473,13 @@

Alert Detail

Other Info - The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"auth":null,"_sentryTraceData":"e989a544e2324ff1bc0b8a", see evidence field for the suspicious comment/snippet. + The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"auth":null,"_sentryTraceData":"b7dabd134c69481a818ff9", see evidence field for the suspicious comment/snippet. URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-ca37d3d155c57524.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-d9fdc7b5eb00ffc5.js Alert Detail URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/9666-ff36dba83b9aaa2c.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/5677-2fa43b41d4794af2.js Alert Detail Other Info - The following pattern was used: \bSELECT\b and was detected in the element starting with: "*/!function(){"use strict";var n={}.hasOwnProperty;function a(){for(var e=[],t=0;t<arguments.length;t++){var r=arguments[t];if(r", see evidence field for the suspicious comment/snippet. + The following pattern was used: \bSELECT\b and was detected in the element starting with: "(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[5677],{3567:function(e,t,n){"use strict";let r,i,a,o;n.d(t,{Y2:function", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/6669-d87aa4739491dc9d.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + admin + + + Other Info + The following pattern was used: \bADMIN\b and was detected in the element starting with: "(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[6669],{22578:function(e,n,r){"use strict";r.d(n,{Dq:function(){return o", see evidence field for the suspicious comment/snippet. 
@@ -3665,7 +3696,100 @@

Alert Detail

URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/index-d43705440625fb67.js + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + bug + + + Other Info + The following pattern was used: \bBUG\b and was detected in the element starting with: " hot module replacement.`;console.warn(t)}}(e.key),W.set(e.key,e);let t=null==e.set?new F.RecoilValueReadOnly(e.key):new F.", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + Db + + + Other Info + The following pattern was used: \bDB\b and was detected 2 times, the first in the element starting with: "`):console.warn("Tracing extension 'startTransaction' is missing. You should 'init' the SDK before calling 'startTransaction'")}", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + from + + + Other Info + The following pattern was used: \bFROM\b and was detected 4 times, the first in the element starting with: "(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[2888],{92373:function(e){var t="undefined"!=typeof Element,n="function"", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js Alert Detail Other Info - The following pattern was used: \bQUERY\b and was detected in the element starting with: "(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[5405],{63391:function(l,e,n){"use strict";n.d(e,{Z:function(){return r}", see evidence field for the suspicious comment/snippet. 
+ The following pattern was used: \bQUERY\b and was detected 3 times, the first in the element starting with: "Error:`,t)}}function ni(){t2(e=>{nr("cls",{metric:e}),l=e})}function no(){t7(e=>{nr("fid",{metric:e}),u=e})}function na(){t9(e=>", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + select + + + Other Info + The following pattern was used: \bSELECT\b and was detected 4 times, the first in the element starting with: " ${e} :where(button, input, optgroup, select, textarea) {", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + user + + + Other Info + The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: " */var r=n(27378),i="function"==typeof Object.is?Object.is:function(e,t){return e===t&&(0!==e||1/e==1/t)||e!=e&&t!=t},o=r.useSta", see evidence field for the suspicious comment/snippet. + + + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js + + + Method + GET + + + Parameter + + + + Attack + + + + Evidence + where + + + Other Info + The following pattern was used: \bWHERE\b and was detected 13 times, the first in the element starting with: " ${e} :where(*, *::before, *::after) {", see evidence field for the suspicious comment/snippet. @@ -3752,12 +3969,12 @@

Alert Detail

Other Info - The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/404","query":{},"buildId":"k10OkhAVBCufC8H", see evidence field for the suspicious comment/snippet. + The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/404","query":{},"buildId":"91GUeZHeiItGZ7h", see evidence field for the suspicious comment/snippet. Instances - 12 + 19 Solution @@ -3994,7 +4211,7 @@

Alert Detail

URL - https://cfas.apprentissage.beta.gouv.fr/cgu + https://cfas.apprentissage.beta.gouv.fr/auth/inscription Alert Detail + + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/webpack-59537d1263371352.js + + + Method + GET + + + Parameter + Sec-Fetch-Dest + + + Attack + + + + Evidence + + + + Other Info + + + URL @@ -4751,7 +4999,7 @@

Alert Detail

Instances - 3 + 4 Solution @@ -4833,6 +5081,37 @@

Alert Detail

+ + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/webpack-59537d1263371352.js + + + Method + GET + + + Parameter + Sec-Fetch-Mode + + + Attack + + + + Evidence + + + + Other Info + + + URL @@ -4897,7 +5176,7 @@

Alert Detail

Instances - 3 + 4 Solution @@ -4979,6 +5258,37 @@

Alert Detail

+ + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/webpack-59537d1263371352.js + + + Method + GET + + + Parameter + Sec-Fetch-Site + + + Attack + + + + Evidence + + + + Other Info + + + URL @@ -5043,7 +5353,7 @@

Alert Detail

Instances - 3 + 4 Solution @@ -5125,6 +5435,37 @@

Alert Detail

+ + URL + https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/webpack-59537d1263371352.js + + + Method + GET + + + Parameter + Sec-Fetch-User + + + Attack + + + + Evidence + + + + Other Info + + + URL @@ -5189,7 +5530,7 @@

Alert Detail

Instances - 3 + 4 Solution @@ -5263,7 +5604,7 @@

Alert Detail

Evidence - 1fe21a98-152d-4bbc-96a5-7fdb94006ee4 + 3a4e9c0d-6648-4071-b02d-b770601db512 Alert Detail Evidence - 2bf31b05-1d3b-417f-b41d-9d3fea0a3f48 + 373baab2-bae7-4b40-8b75-be9b6110063d Alert Detail Evidence - 0eb4da77-fa00-41dc-b61c-fc9e050bc4f4 + 3603085e-c61f-45a0-a491-975d65006523 Alert Detail Evidence - 755500d5-7c2f-4fc6-a619-05fe5c947119 + d9dcc05d-4511-4802-9a46-0e96c2ddb55b Alert Detail URL - https://cfas.apprentissage.beta.gouv.fr/metabase/public/dashboard/3725a628-f37b-4220-8e55-b63241835b13 + https://cfas.apprentissage.beta.gouv.fr/metabase/public/dashboard/9808c918-2d2f-4ae5-b0e7-5e1d982e3e66 Alert Detail Evidence - 1fe21a98-152d-4bbc-96a5-7fdb94006ee4 + d9dcc05d-4511-4802-9a46-0e96c2ddb55b Alert Detail - - URL - https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/4956-58ccbc0228fd68b5.js - - - Method - GET - - - Parameter - - - - Attack - - - - Evidence - max-age=31536000 - - - Other Info - - - URL @@ -5702,7 +6012,7 @@

Alert Detail

Instances - 8 + 7 Solution diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.json index 23846ba3a1c..33c335b7f99 100644 --- a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.json +++ b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/zap.json @@ -1,7 +1,7 @@ { "@programName": "ZAP", "@version": "2.14.0", - "@generated": "Mon, 4 Dec 2023 16:23:37", + "@generated": "Fri, 8 Dec 2023 09:11:24", "site":[ { "@name": "https://cfas.apprentissage.beta.gouv.fr", @@ -66,7 +66,7 @@ "reference": "

http://www.w3.org/TR/CSP2/

http://www.w3.org/TR/CSP/

http://caniuse.com/#search=content+security+policy

http://content-security-policy.com/

https://github.com/shapesecurity/salvation

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources

", "cweid": "693", "wascid": "15", - "sourceid": "1" + "sourceid": "6" }, { "pluginid": "10055", @@ -125,7 +125,7 @@ "reference": "

http://www.w3.org/TR/CSP2/

http://www.w3.org/TR/CSP/

http://caniuse.com/#search=content+security+policy

http://content-security-policy.com/

https://github.com/shapesecurity/salvation

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources

", "cweid": "693", "wascid": "15", - "sourceid": "1" + "sourceid": "6" }, { "pluginid": "10099", @@ -184,7 +184,7 @@ "reference": "

https://www.wsj.com/articles/BL-CIOB-2999

", "cweid": "540", "wascid": "13", - "sourceid": "145" + "sourceid": "144" }, { "pluginid": "10003", @@ -211,7 +211,7 @@ "reference": "

https://github.com/advisories/GHSA-c59h-r6p8-q9wc

", "cweid": "829", "wascid": "-1", - "sourceid": "42" + "sourceid": "47" }, { "pluginid": "10054", @@ -262,7 +262,7 @@ "reference": "

https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site

", "cweid": "1275", "wascid": "13", - "sourceid": "122" + "sourceid": "115" }, { "pluginid": "10110", @@ -275,7 +275,7 @@ "desc": "

A dangerous JS function seems to be in use that would leave the site vulnerable.

", "instances":[ { - "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-71eb2bb35242e6cd.js", + "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/pages/_app-3e9b0437c112faa3.js", "method": "GET", "param": "", "attack": "", @@ -313,7 +313,7 @@ "reference": "

https://angular.io/guide/security

", "cweid": "749", "wascid": "-1", - "sourceid": "67" + "sourceid": "54" }, { "pluginid": "10063", @@ -374,7 +374,7 @@ "otherinfo": "" }, { - "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/973-70007a5613e3b195.js", + "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/framework-0e91cc6ba5b64b05.js", "method": "GET", "param": "", "attack": "", @@ -420,7 +420,7 @@ "reference": "

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy

https://developer.chrome.com/blog/feature-policy/

https://scotthelme.co.uk/a-new-security-header-feature-policy/

https://w3c.github.io/webappsec-feature-policy/

https://www.smashingmagazine.com/2018/12/feature-policy/

", "cweid": "693", "wascid": "15", - "sourceid": "6" + "sourceid": "1" }, { "pluginid": "10035", @@ -535,7 +535,7 @@ "reference": "

http://tools.ietf.org/html/rfc6797#section-8.1

", "cweid": "319", "wascid": "15", - "sourceid": "128" + "sourceid": "129" }, { "pluginid": "10096", @@ -548,7 +548,7 @@ "desc": "

A timestamp was disclosed by the application/web server - Unix

", "instances":[ { - "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-ca37d3d155c57524.js", + "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-d9fdc7b5eb00ffc5.js", "method": "GET", "param": "", "attack": "", @@ -699,19 +699,19 @@ "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" }, { "uri": "https://cfas.apprentissage.beta.gouv.fr/", "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" }, { - "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-ca37d3d155c57524.js", + "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/3676-d9fdc7b5eb00ffc5.js", "method": "GET", "param": "", "attack": "", 
@@ -727,7 +727,7 @@ "otherinfo": "\uFFFD\uFFFD?\uFFFD\uFFFD\uFFFDq\uFFFD\uFFFDr\u979E\uFFFD\uFFFD\uFFFDN\uFFFD{\\x001b^\uFFFD\u05DD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD" }, { - "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/6669-db93da49576237d2.js", + "uri": "https://cfas.apprentissage.beta.gouv.fr/_next/static/chunks/6669-d87aa4739491dc9d.js", "method": "GET", "param": "", "attack": "", 
@@ -747,49 +747,49 @@ "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" }, { "uri": "https://cfas.apprentissage.beta.gouv.fr/auth/finalisation", "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" }, { - "uri": "https://cfas.apprentissage.beta.gouv.fr/mot-de-passe-oublie", + "uri": "https://cfas.apprentissage.beta.gouv.fr/modifier-mot-de-passe", "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" }, { "uri": "https://cfas.apprentissage.beta.gouv.fr/robots.txt", "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": 
"\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" }, { "uri": "https://cfas.apprentissage.beta.gouv.fr/stats", "method": "GET", "param": "", "attack": "", - "evidence": "/_next/static/k10OkhAVBCufC8HmM1t0d/_buildManifest", - "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" + "evidence": "/_next/static/91GUeZHeiItGZ7h8-X8V7/_buildManifest", + "otherinfo": "\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2" } ], "count": "11", "solution": "

Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.

", - "otherinfo": "

\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFD5\uFFFD\uFFFD!\\x0001PB\uFFFD\uFFFD\\x001ec5\uFFFDG\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2

", + "otherinfo": "

\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uCD6Bbs\uFFFDu\\x0019G\uFFFD\\x001d\u8234f{\uFFFD\u03D7\uFFFD^\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\\x001a\uFFFD'\u07B2

", "reference": "

https://projects.webappsec.org/w/page/13246936/Information%20Leakage

", "cweid": "200", "wascid": "13", - "sourceid": "1" + "sourceid": "6" }, { "pluginid": "10019", @@ -816,7 +816,7 @@ "reference": "

http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx

", "cweid": "345", "wascid": "12", - "sourceid": "133" + "sourceid": "134" }, { "pluginid": "10027", @@ -834,7 +834,7 @@ "param": "", "attack": "", "evidence": "query", - "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in the element starting with: \"