web application report

Web Application Report

Thisreportincludesimportantsecurityinformationaboutyourwebapplication.

OWASP Top 10 2017 ReportThisreportwascreatedbyIBMSecurityAppScanStandard9.0.3.9,Rules:13536Scanstarted:7/20/20182:32:02AM

Regulations

OWASP Top Ten 2017 – The Ten Most Critical WebApplication Security Risks

SummaryDescription

ThegoaloftheTop10projectistoraiseawarenessaboutapplicationsecuritybyidentifyingsomeofthemostcriticalrisksfacingorganizations.Developmentprojectsshouldaddressthesepotentialrisksintheirrequirementsdocumentsanddesign,buildandtesttheirapplicationstoensurethattheyhavetakenthenecessarymeasurestoreducetheseriskstotheminimum.Projectmanagersshouldincludetimeandbudgetforapplicationsecurityactivitiesincludingdevelopertraining,applicationsecuritypolicydevelopment,securitymechanismdesignanddevelopment,penetrationtesting,andsecuritycodereviewaspartovertheoverallefforttoaddresstherisks.

TheprimaryaimoftheOWASPTop10istoeducatedevelopers,designers,architects,managers,andorganizationsabouttheconsequencesofthemostimportantwebapplicationsecurityrisks.TheTop10providesbasicguidanceonhowtoaddressagainsttheserisksandwheretogotolearnmoreonhowtoaddressthem.

Althoughsetoutasaneducationpiece,ratherthanastandardoraregulation,itisimportanttonotethatseveralprominentindustryandgovernmentregulatorsarereferencingtheOWASPtopten.ThesebodiesincludeamongothersVISAUSA,MasterCardInternationalandtheAmericanFederalTradeCommission(FTC).

However,accordingtotheOWASPteamtheOWASPtoptenfirstandforemostaneducationpiece,notastandard.TheOWASPteamsuggeststhatanyorganizationabouttoadopttheTopTenpaperasapolicyorstandardtoconsultwiththeOWASPteamfirst.

WhatChangedFrom2013to2017?

ThethreatlandscapeforapplicationsandAPIsconstantlychanges.Keyfactorsinthisevolutionaretherapidadoptionofnewtechnologies(includingcloud,containers,andAPIs),theaccelerationandautomationofsoftwaredevelopmentprocesseslikeAgileandDevOps,theexplosionofthird-partylibrariesandframeworks,andadvancesmadebyattackers.ThesefactorsfrequentlymakeapplicationsandAPIsmoredifficulttoanalyze,andcansignificantlychangethethreatlandscape.Tokeeppace,theOWASPorganizationperiodicallyupdatetheOWASPTop10.Inthis2017release,followingchangesweremade:

Merged2013-A4:"InsecureDirectObjectReferences"and2013-A7:"MissingFunctionLevelAccessControl"into2017-A5:"BrokenAccessControl".

Dropped2013-A8:"Cross-SiteRequestForgery(CSRF)"asmanyframeworksincludeCSRFdefenses,itwasfoundinonly5%ofapplications.

7/24/2018 QA-531 1

Dropped2013-A10:"UnvalidatedRedirectsandForwards",whilefoundinapproximatelyin8%ofapplications,itwasedgedoutoverallbyXXE.

Added2017-A4:"XMLExternalEntities(XXE)".

Added2017-A8:"InsecureDeserialization".

Added2017-A10:"InsufficientLoggingandMonitoring".

CoveredEntities

Allcompaniesandotherentitiesthatdevelopanykindofwebapplicationcodeareencouragedtoaddressthetoptenlistaspartoftheiroverallsecurityriskmanagement.AdoptingtheOWASPTopTenisaneffectivefirststeptowardschangingthesoftwaredevelopmentculturewithintheorganizationintoonethatproducessecurecode.

FormoreinformationonOWASPTopTen,pleasereviewthe-OWASPTopTen2017–TheTenMostCriticalWebApplicationSecurityRisks,athttp://www.owasp.org

Formoreinformationonsecuringwebapplications,pleasevisithttp://www-03.ibm.com/software/products/en/category/application-security

The information provided does not constitute legal advice. The results of a vulnerability assessment will demonstratepotential vulnerabilities in your application that should be corrected in order to reduce the likelihood that yourinformation will be compromised. As legal advice must be tailored to the specific application of each law, and lawsare constantly changing, nothing provided herein should be used as a substitute for the advice of competent counsel.IBM customers are responsible for ensuring their own compliance with legal requirements. It is the customer's soleresponsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevantlaws and regulatory requirements that may affect the customer's business and any actions the customer may need totake to comply with such laws.

GDPR ArticlesIssuesdetectedacross5/10sectionsoftheregulation:

Sections Number of Issues

A1-Injection 0A2-Brokenauthentication 1A3-SensitiveDataExposure 217A4-XMLExternalEntities(XXE) 0A5-BrokenAccessControl 219A6-SecurityMisconfiguration 218A7-Crosssitescripting(XSS) 0A8-InsecureDeserialization 0A9-UsingComponentswithKnownVulnerabilities 345A10-InsufficientLoggingandMonitoring 0

7/24/2018 QA-531 2

Section Violation By Issue348Uniqueissuesdetectedacross5/10sectionsoftheregulation:

URL Entity Issue Type Sections

http://cumminsfiltration-stg.bitnamiapp.com/misc/jquery.once.js

jquery.once.js

Missingorinsecure"Content-Security-Policy"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/ Missingorinsecure"X-Content-Type-Options"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/ BodyParametersAcceptedinQuery

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/ Missingorinsecure"X-XSS-Protection"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/jquery_update/replace/ui/ui/minified/jquery.ui.core.min.js

jquery.ui.core.min.js

Missingorinsecure"Content-Security-Policy"header

A3,A5,A6,A9



Missingorinsecure"X-Content-Type-Options"header

A3,A5,A6,A9


jquery.once.js

Missingorinsecure"X-Content-Type-Options"header

A3,A5,A6,A9



Missingorinsecure"X-XSS-Protection"header

A3,A5,A6,A9


jquery.once.js

Missingorinsecure"X-XSS-Protection"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/ OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/order order Unsafethird-partylink(target="_blank")

A9


jquery.once.js

OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/jquery_update/replace/jquery/1.8/jquery.min.js

jquery.min.js Missingorinsecure"Content-Security-Policy"header

A3,A5,A6,A9


jquery.min.js Missingorinsecure"X-Content-Type-Options"header

A3,A5,A6,A9


jquery.min.js Missingorinsecure"X-XSS-Protection"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/ Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/ Missingorinsecure"Content-Security-Policy"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/search/gss/1234

1234 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/print/699 699 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de de OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

7/24/2018 QA-531 3



http://cumminsfiltration-stg.bitnamiapp.com/














http://cumminsfiltration-stg.bitnamiapp.com/order













http://cumminsfiltration-stg.bitnamiapp.com/print/699

http://cumminsfiltration-stg.bitnamiapp.com/de

http://cumminsfiltration-stg.bitnamiapp.com/misc/drupal.js drupal.js Missingorinsecure"Content-Security-Policy"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/misc/drupal.js drupal.js Missingorinsecure"X-Content-Type-Options"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/misc/drupal.js drupal.js Missingorinsecure"X-XSS-Protection"header

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/themes/bootstrap/js/bootstrap.min.js

bootstrap.min.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr fr Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/order order OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/homepage homepage Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/lube lube Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/products products OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr fr OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/air air Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de de Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/homepage homepage OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/products products Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/lube lube OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fuel fuel OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/air air OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fuel fuel Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fleetmanager fleetmanager Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fluidanalysis fluidanalysis OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/hydraulics hydraulics Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/hydraulics hydraulics OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fluidanalysis fluidanalysis Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fleetmanager fleetmanager OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/product-releases

product-releases


A3,A5,A6,A9

7/24/2018 QA-531 4

http://cumminsfiltration-stg.bitnamiapp.com/misc/drupal.js





http://cumminsfiltration-stg.bitnamiapp.com/fr


http://cumminsfiltration-stg.bitnamiapp.com/homepage

http://cumminsfiltration-stg.bitnamiapp.com/lube

http://cumminsfiltration-stg.bitnamiapp.com/products


http://cumminsfiltration-stg.bitnamiapp.com/air





http://cumminsfiltration-stg.bitnamiapp.com/fuel



http://cumminsfiltration-stg.bitnamiapp.com/fleetmanager

http://cumminsfiltration-stg.bitnamiapp.com/fluidanalysis

http://cumminsfiltration-stg.bitnamiapp.com/hydraulics






http://cumminsfiltration-stg.bitnamiapp.com/literature/additives

additives Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature literature Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/transmission transmission Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/transmission transmission OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


product-releases

Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/fluid-analysis

fluid-analysis OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/air air OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/hydraulic

hydraulic Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature literature OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/cooling

cooling Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/applications

applications Unsafethird-partylink(target="_blank")

A9


cooling OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


additives OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


applications OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/air air Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/fuel fuel Unsafethird-partylink(target="_blank")

A9


hydraulic OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/crankcase-ventilation

crankcase-ventilation


A9

http://cumminsfiltration-stg.bitnamiapp.com/msds msds Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/fuel fuel OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9




A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/lube lube Unsafethird-partylink(target="_blank")

A9


fluid-analysis Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/lube lube OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/literature/oil-and-gas

oil-and-gas Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/msds msds OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

7/24/2018 QA-531 5



http://cumminsfiltration-stg.bitnamiapp.com/literature

http://cumminsfiltration-stg.bitnamiapp.com/transmission






http://cumminsfiltration-stg.bitnamiapp.com/literature/air















http://cumminsfiltration-stg.bitnamiapp.com/literature/fuel





http://cumminsfiltration-stg.bitnamiapp.com/msds




http://cumminsfiltration-stg.bitnamiapp.com/literature/lube







http://cumminsfiltration-stg.bitnamiapp.com/customerassistance

customerassistance


A9

http://cumminsfiltration-stg.bitnamiapp.com/fleetguardaccess

fleetguardaccess


A3,A5,A6,A9


oil-and-gas OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/training training Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/warranty warranty Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/training training OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


customerassistance


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/retail-locator retail-locator EmailAddressPatternFound

A3,A5,A6,A9


fleetguardaccess


A9

http://cumminsfiltration-stg.bitnamiapp.com/faq faq Unsafethird-partylink(target="_blank")

A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/completesolution

completesolution


A9

http://cumminsfiltration-stg.bitnamiapp.com/warranty warranty OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/faq faq OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/retail-locator retail-locator Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/retail-locator retail-locator OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/contactus contactus Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/cookies cookies OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


completesolution


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/terms-and-conditions

terms-and-conditions


A9

http://cumminsfiltration-stg.bitnamiapp.com/sitemap sitemap Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/contactus contactus OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9




A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/cookies cookies Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/sitemap sitemap OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/search/gss/1234


A9

7/24/2018 QA-531 6







http://cumminsfiltration-stg.bitnamiapp.com/training

http://cumminsfiltration-stg.bitnamiapp.com/warranty




http://cumminsfiltration-stg.bitnamiapp.com/retail-locator



http://cumminsfiltration-stg.bitnamiapp.com/faq








http://cumminsfiltration-stg.bitnamiapp.com/contactus

http://cumminsfiltration-stg.bitnamiapp.com/cookies





http://cumminsfiltration-stg.bitnamiapp.com/sitemap








http://cumminsfiltration-stg.bitnamiapp.com/delivery delivery OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/FBUDemo/ Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/es/order order Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/addthis/addthis.js

addthis.js OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/order order OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/products products Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/delivery delivery Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de/node/1326 1326 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/products products OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/printpdf/792 792 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/print/792 792 EmailAddressPatternFound

A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/it/node/792 792 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/it/node/792 792 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de/node/2016 2016 Unsafethird-partylink(target="_blank")

A9


A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/views_bootstrap/js/views-bootstrap-carousel.js

views-bootstrap-carousel.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/sitemap sitemap OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


A3,A5,A6,A9


A9


A3,A5,A6,A9


A9


A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/homepage homepage Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de/Cookies Cookies Unsafethird-partylink A9

7/24/2018 QA-531 7

http://cumminsfiltration-stg.bitnamiapp.com/delivery

http://cumminsfiltration-stg.bitnamiapp.com/FBUDemo/

http://cumminsfiltration-stg.bitnamiapp.com/es/order




http://cumminsfiltration-stg.bitnamiapp.com/fr/products


http://cumminsfiltration-stg.bitnamiapp.com/de/node/1326


http://cumminsfiltration-stg.bitnamiapp.com/printpdf/792



http://cumminsfiltration-stg.bitnamiapp.com/it/node/792






http://cumminsfiltration-stg.bitnamiapp.com/de/sitemap







http://cumminsfiltration-stg.bitnamiapp.com/fr/homepage

http://cumminsfiltration-stg.bitnamiapp.com/de/Cookies

(target="_blank")http://cumminsfiltration-stg.bitnamiapp.com/fr/air air OverlyPermissiveCORS

AccessPolicyA3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/homepage homepage OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/lube lube Unsafethird-partylink(target="_blank")

A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/Cookies Cookies OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/sitemap sitemap Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/air air Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/lube lube OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/crankcaseventilation

crankcaseventilation


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/fleetmanager fleetmanager OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/hydraulics hydraulics Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/transmission transmission OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9




A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/product-releases

product-releases


A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/hydraulics hydraulics OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/fluidanalysis fluidanalysis Unsafethird-partylink(target="_blank")

A9


product-releases


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/node/699 699 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/fleetmanager fleetmanager Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/msds msds Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/literature literature OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/fluidanalysis fluidanalysis OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/transmission transmission Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/literature literature Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/contactus contactus Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/fleetguardacc fleetguardacc OverlyPermissiveCORS A3,A5,

7/24/2018 QA-531 8


http://cumminsfiltration-stg.bitnamiapp.com/fr/air


http://cumminsfiltration-stg.bitnamiapp.com/fr/lube








http://cumminsfiltration-stg.bitnamiapp.com/fr/fleetmanager

http://cumminsfiltration-stg.bitnamiapp.com/fr/hydraulics

http://cumminsfiltration-stg.bitnamiapp.com/fr/transmission






http://cumminsfiltration-stg.bitnamiapp.com/fr/fluidanalysis



http://cumminsfiltration-stg.bitnamiapp.com/fr/node/699


http://cumminsfiltration-stg.bitnamiapp.com/fr/msds

http://cumminsfiltration-stg.bitnamiapp.com/fr/literature




http://cumminsfiltration-stg.bitnamiapp.com/fr/contactus

http://cumminsfiltration-stg.bitnamiapp.com/fr/fleetguardaccess

ess ess AccessPolicy A6,A9http://cumminsfiltration-stg.bitnamiapp.com/fr/training training Unsafethird-partylink

(target="_blank")A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/mediacenter mediacenter OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/training training OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/customerassistance

customerassistance


A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/msds msds OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


customerassistance


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/mediacenter mediacenter Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/node/2736 2736 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/sitemap sitemap OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/history history OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


fleetguardaccess


A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/galleryformatter/theme/infiniteCarousel.js

infiniteCarousel.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/contactus contactus OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/node/2736 2736 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/history history Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/Cookies Cookies Unsafethird-partylink(target="_blank")

A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/node/2986 2986 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/optiair optiair Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/Cookies Cookies OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/sitemap sitemap Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/node/2986 2986 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/galleryformatter/theme/galleryformatter.js

galleryformatter.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/videos videos Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/eUpdate eUpdate Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/videos videos OverlyPermissiveCORS A3,A5,

7/24/2018 QA-531 9



http://cumminsfiltration-stg.bitnamiapp.com/fr/training

http://cumminsfiltration-stg.bitnamiapp.com/fr/mediacenter









http://cumminsfiltration-stg.bitnamiapp.com/fr/sitemap

http://cumminsfiltration-stg.bitnamiapp.com/fr/history








http://cumminsfiltration-stg.bitnamiapp.com/fr/Cookies


http://cumminsfiltration-stg.bitnamiapp.com/node/2986

http://cumminsfiltration-stg.bitnamiapp.com/optiair






http://cumminsfiltration-stg.bitnamiapp.com/videos

http://cumminsfiltration-stg.bitnamiapp.com/eUpdate


AccessPolicy A6,A9http://cumminsfiltration-stg.bitnamiapp.com/de/node/1016 1016 Unsafethird-partylink

(target="_blank")A9

http://cumminsfiltration-stg.bitnamiapp.com/nanoforce nanoforce Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/optiair optiair OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/it/node/1019 1019 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/eUpdate eUpdate OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/directflow directflow OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/nanoforce nanoforce OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/directflow directflow Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/magnumrs magnumrs Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/it/node/1019 1019 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/magnumrs magnumrs OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/spinonfilterlube spinonfilterlube


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/centrifuge centrifuge Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/spinonfilters spinonfilters Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/spinonfilters spinonfilters OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/spinonfilterlube spinonfilterlube


A9

http://cumminsfiltration-stg.bitnamiapp.com/centrifuge centrifuge OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/fluidanalysis fluidanalysis Unsafethird-partylink(target="_blank")

A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sensors sensors Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/sensors sensors OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


A9

http://cumminsfiltration-stg.bitnamiapp.com/es/fluidanalysis fluidanalysis OverlyPermissiveCORS A3,A5,

7/24/2018 QA-531 10



http://cumminsfiltration-stg.bitnamiapp.com/nanoforce




http://cumminsfiltration-stg.bitnamiapp.com/directflow



http://cumminsfiltration-stg.bitnamiapp.com/magnumrs




http://cumminsfiltration-stg.bitnamiapp.com/spinonfilterlube

http://cumminsfiltration-stg.bitnamiapp.com/centrifuge

http://cumminsfiltration-stg.bitnamiapp.com/spinonfilters




http://cumminsfiltration-stg.bitnamiapp.com/es/fluidanalysis




http://cumminsfiltration-stg.bitnamiapp.com/sensors




AccessPolicy A6,A9http://cumminsfiltration-stg.bitnamiapp.com/print/1272 1272 EmailAddressPattern

FoundA3,A5,A6,A9


A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/literature/additives

additives Unsafethird-partylink(target="_blank")

A9


additives OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A9

http://cumminsfiltration-stg.bitnamiapp.com/es/literature/fuel

fuel Unsafethird-partylink(target="_blank")

A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/literature/crankcase-ventilation



A9


fuel OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9




A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/webform_conditional/webform_conditional.js

webform_conditional.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/printpdf/1182 1182 OverlyPermissiveCORS A3,A5,

7/24/2018 QA-531 11



































AccessPolicy A6,A9http://cumminsfiltration-stg.bitnamiapp.com/de/node/692 692 Unsafethird-partylink

(target="_blank")A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/print/692 692 Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/es/warranty warranty Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/webform/js/webform.js

webform.js OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/misc/form.js form.js OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/misc/textarea.js textarea.js OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/eloqua/eloqua_webform/eloqua_webform.js

eloqua_webform.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/captcha/captcha.js

captcha.js OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


A9

http://cumminsfiltration-stg.bitnamiapp.com/es/warranty warranty OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/def def Unsafethird-partylink(target="_blank")

A9


A9


A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/analysis analysis OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/closedcvfilters closedcvfilters


A9

http://cumminsfiltration-stg.bitnamiapp.com/printpdf/688 688 OverlyPermissiveCORS A3,A5,

7/24/2018 QA-531 12









http://cumminsfiltration-stg.bitnamiapp.com/es/warranty



http://cumminsfiltration-stg.bitnamiapp.com/misc/form.js

http://cumminsfiltration-stg.bitnamiapp.com/misc/textarea.js







http://cumminsfiltration-stg.bitnamiapp.com/def








http://cumminsfiltration-stg.bitnamiapp.com/analysis

http://cumminsfiltration-stg.bitnamiapp.com/closedcvfilters


AccessPolicy A6,A9http://cumminsfiltration-stg.bitnamiapp.com/conventional conventional Unsafethird-partylink

(target="_blank")A9

http://cumminsfiltration-stg.bitnamiapp.com/search/gss/cummins

cummins Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/seapro seapro OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/aluminumcorrosion

aluminumcorrosion


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/conventional conventional OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/node/1326 1326 BodyParametersAcceptedinQuery

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/def def OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/analysis analysis Unsafethird-partylink(target="_blank")

A9


aluminumcorrosion


A9

http://cumminsfiltration-stg.bitnamiapp.com/closedcvfilters closedcvfilters


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/search search Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de/printpdf/699 699 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/zh/search/gss/1234


A9

http://cumminsfiltration-stg.bitnamiapp.com/dieselpro dieselpro Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/search/gss gss Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/dieselpro dieselpro OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/seapro seapro Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/closedcvfilters

closedcvfilters


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/zh/search/gss gss Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de/node/ OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/node/ Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/zh/search/gss gss BodyParametersAcceptedinQuery

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/it/printpdf/792 792 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/search/gss/1234


A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/hybrid hybrid Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/conventional conventional Unsafethird-partylink A9

7/24/2018 QA-531 13


http://cumminsfiltration-stg.bitnamiapp.com/conventional



http://cumminsfiltration-stg.bitnamiapp.com/seapro










http://cumminsfiltration-stg.bitnamiapp.com/search

http://cumminsfiltration-stg.bitnamiapp.com/de/printpdf/699



http://cumminsfiltration-stg.bitnamiapp.com/dieselpro

http://cumminsfiltration-stg.bitnamiapp.com/search/gss





http://cumminsfiltration-stg.bitnamiapp.com/zh/search/gss

http://cumminsfiltration-stg.bitnamiapp.com/de/node/



http://cumminsfiltration-stg.bitnamiapp.com/it/printpdf/792



http://cumminsfiltration-stg.bitnamiapp.com/fr/hybrid

http://cumminsfiltration-stg.bitnamiapp.com/fr/conventional

(target="_blank")http://cumminsfiltration-stg.bitnamiapp.com/print/ OverlyPermissiveCORS



closedcvfilters


A9

http://cumminsfiltration-stg.bitnamiapp.com/literature literature TemporaryFileDownload A5,A6http://cumminsfiltration-stg.bitnamiapp.com/fr/print/1771 1771 EmailAddressPattern

FoundA3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/print/1771 1771 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/printpdf/1771 1771 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/hybrid hybrid OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/printpdf/692 692 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/conventional conventional OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


2082 OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/coolantfiltration

coolantfiltration


A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/directflow directflow OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


coolantfiltration


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/directflow directflow Unsafethird-partylink(target="_blank")

A9


A9



A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/print/ EmailAddressPatternFound

A3,A5,A6,A9


A3,A5,A6,A9



A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/qualitycert qualitycert OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9



A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/qualitycert qualitycert Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/es/hybrid hybrid OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

7/24/2018 QA-531 14


http://cumminsfiltration-stg.bitnamiapp.com/print/




http://cumminsfiltration-stg.bitnamiapp.com/fr/print/1771


http://cumminsfiltration-stg.bitnamiapp.com/fr/printpdf/1771









http://cumminsfiltration-stg.bitnamiapp.com/es/directflow











http://cumminsfiltration-stg.bitnamiapp.com/es/qualitycert






http://cumminsfiltration-stg.bitnamiapp.com/es/hybrid


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/es/hybrid hybrid Unsafethird-partylink(target="_blank")

A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9


A9


A3,A5,A6,A9


A3,A5,A6,A9


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/print/customerassistance_us

customerassistance_us


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/literature literature TemporaryFileDownload A5,A6http://cumminsfiltration-stg.bitnamiapp.com/print/976 976 OverlyPermissiveCORS


http://cumminsfiltration-stg.bitnamiapp.com/de/user/login login Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/node node Unsafethird-partylink A9

7/24/2018 QA-531 15



























http://cumminsfiltration-stg.bitnamiapp.com/de/user/login

http://cumminsfiltration-stg.bitnamiapp.com/node

(target="_blank")http://cumminsfiltration-stg.bitnamiapp.com/node node OverlyPermissiveCORS


http://cumminsfiltration-stg.bitnamiapp.com/search/site/cummins

cummins Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/de/rss.xml rss.xml OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/user/login login OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/encrypt_submissions/jcryption/jquery.jcryption.js

jquery.jcryption.js


A3,A5,A6,A9




A9

http://cumminsfiltration-stg.bitnamiapp.com/de/regions/cis cis Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/node node Unsafethird-partylink(target="_blank")

A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/node node OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/regions/cis cis OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9



EmailAddressPatternFound

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/sites/all/modules/encrypt_submissions/js/encryption_submissions.js

encryption_submissions.js


A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/fr/rss.xml rss.xml OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/rss.xml rss.xml OverlyPermissiveCORSAccessPolicy

A3,A5,A6,A9


jquery.jcryption.js

EmailAddressPatternFound

A3,A5,A6,A9

http://cumminsfiltration-stg.bitnamiapp.com/de/user/login pass UnencryptedLoginRequest

A2,A3,A5

Detailed Security Issues by Sections

A1-Injection 0

H A2-Brokenauthentication 1

7/24/2018 QA-531 16





http://cumminsfiltration-stg.bitnamiapp.com/de/rss.xml






http://cumminsfiltration-stg.bitnamiapp.com/de/regions/cis

http://cumminsfiltration-stg.bitnamiapp.com/fr/node







http://cumminsfiltration-stg.bitnamiapp.com/fr/rss.xml

http://cumminsfiltration-stg.bitnamiapp.com/rss.xml




High

High

Unencrypted Login RequestRisk: Itmaybepossibletostealuserlogininformationsuchasusernamesandpasswordsthataresent

unencrypted

Causes: Sensitiveinputfieldssuchasusernames,passwordandcreditcardnumbersarepassedunencrypted

Fix: AlwaysuseSSLandPOST(body)parameterswhensendingsensitiveinformation.

CVSS Score: 8.5

Severity URL Entity


pass

H A3-SensitiveDataExposure 217


unencrypted



CVSS Score: 8.5

Severity URL Entity


pass

7/24/2018 QA-531 17





Low

Low

Low

Low

Low

Low

Low

Low

Body Parameters Accepted in QueryRisk: Itispossibletogathersensitiveinformationaboutthewebapplicationsuchasusernames,

passwords,machinenameand/orsensitivefilelocationsItispossibletopersuadeanaiveusertosupplysensitiveinformationsuchasusername,password,creditcardnumber,socialsecuritynumberetc.

Causes: Insecurewebapplicationprogrammingorconfiguration

Fix: Donotacceptbodyparametersthataresentinthequerystring

CVSS Score: 5.0

Severity URL Entity



1326


gss

Missing or insecure "Content-Security-Policy" headerRisk: Itispossibletogathersensitiveinformationaboutthewebapplicationsuchasusernames,



Fix: Configyourservertousethe"Content-Security-Policy"headerwithsecurepolicies

CVSS Score: 5.0

Severity URL Entity


jquery.once.js




jquery.min.js



drupal.js

7/24/2018 QA-531 18

















Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Missing or insecure "X-Content-Type-Options" headerRisk: Itispossibletogathersensitiveinformationaboutthewebapplicationsuchasusernames,



Fix: Configyourservertousethe"X-Content-Type-Options"headerwith"nosniff"value

CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

Missing or insecure "X-XSS-Protection" headerRisk: Itispossibletogathersensitiveinformationaboutthewebapplicationsuchasusernames,



Fix: Configyourservertousethe"X-XSS-Protection"headerwithvalue'1'(enabled)

CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

7/24/2018 QA-531 19























Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Overly Permissive CORS Access PolicyRisk: Itispossibletogathersensitiveinformationaboutthewebapplicationsuchasusernames,



Fix: Modifythe"Access-Control-Allow-Origin"headertocontainonlyallowedsites

CVSS Score: 5.0

Severity URL Entity



jquery.once.js


699


de


bootstrap.min.js


order


products


fr


homepage


lube


fuel


air


fluidanalysis


hydraulics


fleetmanager


product-releases


transmission

7/24/2018 QA-531 20



































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


fluid-analysis


air


literature


cooling


additives


applications


hydraulic


fuel




lube


msds


fleetguardaccess


oil-and-gas


training


customerassistance


792


warranty


faq


retail-locator


cookies


completesolution


contactus



7/24/2018 QA-531 21















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


sitemap


delivery


addthis.js


order


1326


products


792


2082


792




sitemap


699


2016


688


air


homepage


2736


Cookies


lube




fleetmanager


transmission


hydraulics

7/24/2018 QA-531 22
















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


product-releases


literature


fluidanalysis


fleetguardaccess


mediacenter


training


msds


customerassistance


sitemap


history


infiniteCarousel.js


contactus


2736


1016


Cookies


2986


galleryformatter.js


videos


optiair


eUpdate


directflow


nanoforce

7/24/2018 QA-531 23













































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1019


magnumrs


2082


spinonfilterlube


spinonfilters


centrifuge


1272


1272


2082


sensors


fluidanalysis


2077


2077


1272


additives


1060


2077


699


1276


1060


fuel




1172

7/24/2018 QA-531 24















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low




1182


1276


692


2085


692


692


webform.js


form.js


textarea.js


eloqua_webform.js


captcha.js


warranty


697


688


1276


analysis


688


seapro


aluminumcorrosion


conventional


def

7/24/2018 QA-531 25














































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


closedcvfilters


699


dieselpro


closedcvfilters



792



1771


1771


hybrid


692


conventional


2082


directflow


coolantfiltration


1272


1163


1276


qualitycert


2077


1163


hybrid


1166

7/24/2018 QA-531 26















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1273


773


773


2725


2725


2724


2724


1273


976


774


774


772




976


node


rss.xml


login


jquery.jcryption.js


node


cis




rss.xml

7/24/2018 QA-531 27















































Low http://cumminsfiltration-stg.bitnamiapp.com/rss.xml

rss.xml

7/24/2018 QA-531 28



Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Email Address Pattern FoundRisk: Itispossibletogathersensitiveinformationaboutthewebapplicationsuchasusernames,

passwords,machinenameand/orsensitivefilelocations


Fix: Removee-mailaddressesfromthewebsite

CVSS Score: 0.0

Severity URL Entity


retail-locator


792


1272


2082


2077


699


1060


692


1276


688


1771


1163



773


2725


1273


2724


774

7/24/2018 QA-531 29





































Informational

Informational

Informational

Informational

High


772


976




jquery.jcryption.js

A4-XMLExternalEntities(XXE) 0

H A5-BrokenAccessControl 219


unencrypted



CVSS Score: 8.5

Severity URL Entity


pass

7/24/2018 QA-531 30












Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity



1326


gss





CVSS Score: 5.0

Severity URL Entity


jquery.once.js




jquery.min.js



drupal.js

7/24/2018 QA-531 31

















Low

Low

Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js





CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

7/24/2018 QA-531 32























Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity



jquery.once.js


699


de


bootstrap.min.js


order


products


fr


homepage


lube


fuel


air


fluidanalysis


hydraulics


fleetmanager


product-releases


transmission

7/24/2018 QA-531 33



































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


fluid-analysis


air


literature


cooling


additives


applications


hydraulic


fuel




lube


msds


fleetguardaccess


oil-and-gas


training


customerassistance


792


warranty


faq


retail-locator


cookies


completesolution


contactus



7/24/2018 QA-531 34















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


sitemap


delivery


addthis.js


order


1326


products


792


2082


792




sitemap


699


2016


688


air


homepage


2736


Cookies


lube




fleetmanager


transmission


hydraulics

7/24/2018 QA-531 35
















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


product-releases


literature


fluidanalysis


fleetguardaccess


mediacenter


training


msds


customerassistance


sitemap


history


infiniteCarousel.js


contactus


2736


1016


Cookies


2986


galleryformatter.js


videos


optiair


eUpdate


directflow


nanoforce

7/24/2018 QA-531 36













































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1019


magnumrs


2082


spinonfilterlube


spinonfilters


centrifuge


1272


1272


2082


sensors


fluidanalysis


2077


2077


1272


additives


1060


2077


699


1276


1060


fuel




1172

7/24/2018 QA-531 37















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low




1182


1276


692


2085


692


692


webform.js


form.js


textarea.js


eloqua_webform.js


captcha.js


warranty


697


688


1276


analysis


688


seapro


aluminumcorrosion


conventional


def

7/24/2018 QA-531 38














































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


closedcvfilters


699


dieselpro


closedcvfilters



792



1771


1771


hybrid


692


conventional


2082


directflow


coolantfiltration


1272


1163


1276


qualitycert


2077


1163


hybrid


1166

7/24/2018 QA-531 39















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1273


773


773


2725


2725


2724


2724


1273


976


774


774


772




976


node


rss.xml


login


jquery.jcryption.js


node


cis




rss.xml

7/24/2018 QA-531 40















































Low

Low

Low


rss.xml

Temporary File DownloadRisk: Itispossibletodownloadtemporaryscriptfiles,whichcanexposetheapplicationlogicandother

sensitiveinformationsuchasusernamesandpasswords

Causes: Temporaryfileswereleftinproductionenvironment

Fix: Removeoldversionsoffilesfromthevirtualdirectory

CVSS Score: 5.0

Severity URL Entity


literature


literature

7/24/2018 QA-531 41







Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational





CVSS Score: 0.0

Severity URL Entity


retail-locator


792


1272


2082


2077


699


1060


692


1276


688


1771


1163



773


2725


1273


2724


774

7/24/2018 QA-531 42





































Informational

Informational

Informational

Informational

Low

Low

Low


772


976




jquery.jcryption.js

L A6-SecurityMisconfiguration 218





CVSS Score: 5.0

Severity URL Entity



1326


gss

7/24/2018 QA-531 43















Low

Low

Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity


jquery.once.js




jquery.min.js



drupal.js





CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

7/24/2018 QA-531 44























Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

7/24/2018 QA-531 45












Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity



jquery.once.js


699


de


bootstrap.min.js


order


products


fr


homepage


lube


fuel


air


fluidanalysis


hydraulics


fleetmanager


product-releases


transmission

7/24/2018 QA-531 46



































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


fluid-analysis


air


literature


cooling


additives


applications


hydraulic


fuel




lube


msds


fleetguardaccess


oil-and-gas


training


customerassistance


792


warranty


faq


retail-locator


cookies


completesolution


contactus



7/24/2018 QA-531 47















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


sitemap


delivery


addthis.js


order


1326


products


792


2082


792




sitemap


699


2016


688


air


homepage


2736


Cookies


lube




fleetmanager


transmission


hydraulics

7/24/2018 QA-531 48
















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


product-releases


literature


fluidanalysis


fleetguardaccess


mediacenter


training


msds


customerassistance


sitemap


history


infiniteCarousel.js


contactus


2736


1016


Cookies


2986


galleryformatter.js


videos


optiair


eUpdate


directflow


nanoforce

7/24/2018 QA-531 49













































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1019


magnumrs


2082


spinonfilterlube


spinonfilters


centrifuge


1272


1272


2082


sensors


fluidanalysis


2077


2077


1272


additives


1060


2077


699


1276


1060


fuel




1172

7/24/2018 QA-531 50















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low




1182


1276


692


2085


692


692


webform.js


form.js


textarea.js


eloqua_webform.js


captcha.js


warranty


697


688


1276


analysis


688


seapro


aluminumcorrosion


conventional


def

7/24/2018 QA-531 51














































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


closedcvfilters


699


dieselpro


closedcvfilters



792



1771


1771


hybrid


692


conventional


2082


directflow


coolantfiltration


1272


1163


1276


qualitycert


2077


1163


hybrid


1166

7/24/2018 QA-531 52















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1273


773


773


2725


2725


2724


2724


1273


976


774


774


772




976


node


rss.xml


login


jquery.jcryption.js


node


cis




rss.xml

7/24/2018 QA-531 53















































Low

Low

Low


rss.xml

Temporary File DownloadRisk: Itispossibletodownloadtemporaryscriptfiles,whichcanexposetheapplicationlogicandother

sensitiveinformationsuchasusernamesandpasswords

Causes: Temporaryfileswereleftinproductionenvironment

Fix: Removeoldversionsoffilesfromthevirtualdirectory

CVSS Score: 5.0

Severity URL Entity


literature


literature

7/24/2018 QA-531 54







Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational





CVSS Score: 0.0

Severity URL Entity


retail-locator


792


1272


2082


2077


699


1060


692


1276


688


1771


1163



773


2725


1273


2724


774

7/24/2018 QA-531 55





































Informational

Informational

Informational

Informational

Low

Low

Low


772


976




jquery.jcryption.js

A7-Crosssitescripting(XSS) 0

A8-InsecureDeserialization 0

L A9-UsingComponentswithKnownVulnerabilities 345





CVSS Score: 5.0

Severity URL Entity



1326


gss

7/24/2018 QA-531 56















Low

Low

Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity


jquery.once.js




jquery.min.js



drupal.js





CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

7/24/2018 QA-531 57























Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity





jquery.once.js


jquery.min.js


drupal.js

7/24/2018 QA-531 58












Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low





CVSS Score: 5.0

Severity URL Entity



jquery.once.js


699


de


bootstrap.min.js


order


products


fr


homepage


lube


fuel


air


fluidanalysis


hydraulics


fleetmanager


product-releases


transmission

7/24/2018 QA-531 59



































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


fluid-analysis


air


literature


cooling


additives


applications


hydraulic


fuel




lube


msds


fleetguardaccess


oil-and-gas


training


customerassistance


792


warranty


faq


retail-locator


cookies


completesolution


contactus



7/24/2018 QA-531 60















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


sitemap


delivery


addthis.js


order


1326


products


792


2082


792




sitemap


699


2016


688


air


homepage


2736


Cookies


lube




fleetmanager


transmission


hydraulics

7/24/2018 QA-531 61
















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


product-releases


literature


fluidanalysis


fleetguardaccess


mediacenter


training


msds


customerassistance


sitemap


history


infiniteCarousel.js


contactus


2736


1016


Cookies


2986


galleryformatter.js


videos


optiair


eUpdate


directflow


nanoforce

7/24/2018 QA-531 62













































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1019


magnumrs


2082


spinonfilterlube


spinonfilters


centrifuge


1272


1272


2082


sensors


fluidanalysis


2077


2077


1272


additives


1060


2077


699


1276


1060


fuel




1172

7/24/2018 QA-531 63















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low




1182


1276


692


2085


692


692


webform.js


form.js


textarea.js


eloqua_webform.js


captcha.js


warranty


697


688


1276


analysis


688


seapro


aluminumcorrosion


conventional


def

7/24/2018 QA-531 64














































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


closedcvfilters


699


dieselpro


closedcvfilters



792



1771


1771


hybrid


692


conventional


2082


directflow


coolantfiltration


1272


1163


1276


qualitycert


2077


1163


hybrid


1166

7/24/2018 QA-531 65















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


1273


773


773


2725


2725


2724


2724


1273


976


774


774


772




976


node


rss.xml


login


jquery.jcryption.js


node


cis




rss.xml

7/24/2018 QA-531 66















































Low http://cumminsfiltration-stg.bitnamiapp.com/rss.xml

rss.xml

7/24/2018 QA-531 67



Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Unsafe third-party link (target="_blank")Risk: Itispossibletopersuadeanaiveusertosupplysensitiveinformationsuchasusername,password,

creditcardnumber,socialsecuritynumberetc.

Causes: Therelattributeinthelinkelementisnotsetto"noopenernoreferrer".

Fix: Addtheattributerel="noopenernoreferrer"toeachlinkelementwithtarget="_blank"

CVSS Score: 5.0

Severity URL Entity


order



1234


fr


homepage


lube


air


de


products


fuel


fleetmanager


hydraulics


fluidanalysis


additives


literature


transmission


product-releases


hydraulic


cooling

7/24/2018 QA-531 68






































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


applications


air


fuel




msds


lube


fluid-analysis


oil-and-gas


customerassistance


training


warranty


fleetguardaccess


faq


completesolution


retail-locator


contactus




sitemap


cookies


1234



order


products

7/24/2018 QA-531 69















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


delivery


792


2016


1326


2736


688


699


homepage


Cookies


lube


sitemap


air


hydraulics




product-releases


fluidanalysis


699


fleetmanager


msds


transmission


literature


contactus


training

7/24/2018 QA-531 70















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


customerassistance


mediacenter


2736


fleetguardaccess


history


Cookies


2986


optiair


sitemap


videos


eUpdate


1016


nanoforce


1019


directflow


magnumrs


centrifuge


spinonfilters


spinonfilterlube


fluidanalysis


sensors


2082


1272

7/24/2018 QA-531 71















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low


2077


additives


2085


fuel




692


692


warranty


1276


def


697


1276


closedcvfilters


conventional


cummins


analysis


aluminumcorrosion


search


1234


dieselpro


gss


seapro


gss

7/24/2018 QA-531 72















































Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low



1234


hybrid


conventional


closedcvfilters


coolantfiltration


directflow


1163


qualitycert


774


hybrid


772


login


node


cummins




cis


node

7/24/2018 QA-531 73





































Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational

Informational





CVSS Score: 0.0

Severity URL Entity


retail-locator


792


1272


2082


2077


699


1060


692


1276


688


1771


1163



773


2725


1273


2724


774

7/24/2018 QA-531 74





































Informational

Informational

Informational

Informational


772


976




jquery.jcryption.js

A10-InsufficientLoggingandMonitoring 0

7/24/2018 QA-531 75










web application report

Documents