dast
Passed Started
by
@mrincon
Miguel Rincon
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 12.7.1 (003fe500)2 on docker-auto-scale fa6cab46 3 Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/dast:1 ...
02:39
4Pulling docker image registry.gitlab.com/gitlab-org/security-products/dast:1 ...5Using docker image sha256:193c24d1fba6f505bda1bd787f6f467abb350acb1c85f0bdb9f63253b26ffacd for registry.gitlab.com/gitlab-org/security-products/dast:1 ... 6 Running on runner-fa6cab46-project-4422333-concurrent-0 via runner-fa6cab46-stg-srm-1581996019-08228cc7...
00:05
8Fetching changes with git depth set to 50...9Initialized empty Git repository in /builds/gitlab-org/monitor/monitor-sandbox/.git/10Created fresh repository.12 * [new ref] refs/pipelines/12714643 -> refs/pipelines/1271464313 * [new branch] master -> origin/master14Checking out edce5e06 as master...15Skipping Git submodules setup17Downloading artifacts from coordinator... ok id=37087812 responseStatus=200 OK token=ducU2KT219$ /analyze -t $DAST_WEBSITE202020-02-18 03:23:13,652 using Python 2.7.15+ (default, Jul 9 2019, 16:51:35) [GCC 7.4.0]212020-02-18 03:23:13,652 waiting for http://dast-4422333-dast-default.34.67.11.220.nip.io to be available222020-02-18 03:23:13,653 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io232020-02-18 03:23:14,088 starting scan242020-02-18 03:23:14,089 Script params: [('-t', 'http://dast-4422333-dast-default.34.67.11.220.nip.io'), ('-J', 'gl-dast-report.json'), ('-z', '-config selenium.firefoxDriver=/usr/bin/geckodriver -addonupdate')]252020-02-18 03:23:14,090 Params: ['zap-x.sh', '-daemon', '-port', '54597', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=1', '-config', 'selenium.firefoxDriver=/usr/bin/geckodriver', '-addonupdate']26Feb 18, 2020 3:23:24 AM java.util.prefs.FileSystemPreferences$1 run27INFO: Created user preferences directory.28[zap.out] Found Java version 1.8.0_22229[zap.out] Available memory: 3693 MB30[zap.out] Using JVM args: -Xmx923m31[zap.out] 709 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2019-09-23 started 18/02/20 03:23:18 with home /root/.ZAP_D/32[zap.out] 804 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null33[zap.out] 806 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null34[zap.out] 806 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null35[zap.out] 809 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config spider.maxDuration = 1 was null36[zap.out] 809 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config selenium.firefoxDriver = /usr/bin/geckodriver was null37[zap.out] 820 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...38[zap.out] 820 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...39[zap.out] 1189 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]40[zap.out] 1201 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.41[zap.out] 1989 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start42[zap.out] 1999 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end43[zap.out] 2169 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions44[zap.out] 5661 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=6.0.0], [id=alertFilters, version=9.0.0], [id=ascanrules, version=34.0.0], [id=ascanrulesBeta, version=26.0.0], [id=bruteforce, version=9.0.0], [id=coreLang, version=14.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=formhandler, version=3.0.0], [id=fuzz, version=12.0.0], [id=gettingStarted, version=11.0.0], [id=help, version=10.0.0], [id=hud, version=0.10.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=onlineMenu, version=7.0.0], [id=openapi, version=15.0.0], [id=plugnhack, version=12.0.0], [id=portscan, version=9.0.0], [id=pscanrules, version=26.0.0], [id=pscanrulesBeta, version=21.0.0], [id=quickstart, version=28.0.0], [id=replacer, version=8.0.0], [id=reveal, version=3.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=26.0.0], [id=selenium, version=15.1.0], [id=sequence, version=6.0.0], [id=spiderAjax, version=23.1.0], [id=tips, version=7.0.0], [id=webdriverlinux, version=17.0.0], [id=webdrivermacos, version=16.0.0], [id=webdriverwindows, version=17.0.0], [id=websocket, version=21.0.0], [id=zest, version=32.0.0]]45[zap.out] 6514 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded46[zap.out] 6846 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates47[zap.out] 6856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension48[zap.out] 6856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension49[zap.out] 6856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP50[zap.out] 6873 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session State Extension51[zap.out] 6873 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Extension52[zap.out] 6874 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension53[zap.out] 6875 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields54[zap.out] 6876 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions55[zap.out] 6881 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash...56[zap.out] 6881 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses57[zap.out] 6882 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner58[zap.out] 7048 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules59[zap.out] 7051 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule60[zap.out] 7054 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure61[zap.out] 7055 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens62[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set63[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch64[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP Scanner65[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing66[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag67[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie68[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without SameSite Attribute69[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag70[zap.out] 7056 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration71[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion72[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled73[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages74[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL75[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header76[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments77[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method78[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState79[zap.out] 7057 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content80[zap.out] 7058 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure81[zap.out] 7058 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite82[zap.out] 7058 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure83[zap.out] 7059 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found84[zap.out] 7062 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate Scanner85[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header Scanner86[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing87[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak88[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Scanner89[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)90[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)91[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set92[zap.out] 7063 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing93[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure94[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)95[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post96[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post97[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing98[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Scanner99[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache100[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header Scanner101[zap.out] 7064 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override102[zap.out] 7065 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header Scanner103[zap.out] 7065 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset104[zap.out] 7065 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning105[zap.out] 7065 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)106[zap.out] 7065 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)107[zap.out] 7066 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect108[zap.out] 7066 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak109[zap.out] 7066 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak110[zap.out] 7086 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts111[zap.out] 7090 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added112[zap.out] 7101 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence113[zap.out] 7101 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site114[zap.out] 7114 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks115[zap.out] 7114 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool116[zap.out] 7115 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner117[zap.out] 7117 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manual Request Editor Extension118[zap.out] 7119 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences119[zap.out] 7119 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters120[zap.out] 7120 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens121[zap.out] 7122 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension122[zap.out] 7139 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]123[zap.out] 7140 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser124[zap.out] 7144 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only125[zap.out] 7144 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension126[zap.out] 7146 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies127[zap.out] 7147 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration128[zap.out] 7176 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages129[zap.out] 7447 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension130[zap.out] 7452 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions131[zap.out] 7454 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools132[zap.out] 7747 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff133[zap.out] 7751 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension134[zap.out] 7752 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration135[zap.out] 7752 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension136[zap.out] 7754 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]137[zap.out] 7754 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension138[zap.out] 7758 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.139[zap.out] 7781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree140[zap.out] 7781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.141[zap.out] 7781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension142[zap.out] 7781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax143[zap.out] 7785 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.144[zap.out] 7792 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manages the local proxy configurations145[zap.out] 7794 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.146[zap.out] 7798 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs147[zap.out] 7798 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree148[zap.out] 7798 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide149[zap.out] 7798 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a URL suitable for calling from target sites150[zap.out] 7800 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts151[zap.out] 7800 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension152[zap.out] 7800 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension153[zap.out] 7800 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension154[zap.out] 7801 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Request View Extension155[zap.out] 7801 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Response View Extension156[zap.out] 7802 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension157[zap.out] 7804 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension158[zap.out] 7804 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.159[zap.out] 7804 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration160[zap.out] 7812 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics161[zap.out] 7813 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats162[zap.out] 7813 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.163[zap.out] 7814 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.164[zap.out] 7815 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks165[zap.out] 7815 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing This extension allows a user to change the default values used by ZAP Spiders.166[zap.out] 7820 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage167[zap.out] 7820 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.168[zap.out] 7821 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules169[zap.out] 7821 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files170[zap.out] 7822 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide171[zap.out] 7822 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Easy way to replace strings in requests and responses172[zap.out] 7827 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links173[zap.out] 7827 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveXMLHttpMessage174[zap.out] 7827 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to spider and import OpenAPI (Swagger) definitions 175[zap.out] 7854 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta176[zap.out] 7858 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules177[zap.out] 7858 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds the Quick Start panel for scanning and exploring applications178[zap.out] 7864 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add the option to use the Ajax Spider in the Quick Start scan179[zap.out] 7864 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP180[zap.out] 7864 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP181[zap.out] 7864 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Heads Up Display182[zap.out] 8033 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch183[zap.out] 8059 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter184[zap.out] 8061 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta185[zap.out] 8792 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback - Started callback server on 0.0.0.0:41801186[zap.out] 8793 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - Creating new root CA certificate187[zap.out] 9768 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - New root CA certificate created188[zap.out] 11597 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP_D/plugin/ascanrulesBeta-beta-27.zap189[zap.out] 11597 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP_D/plugin/pscanrules-release-27.zap190[zap.out] 11597 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP_D/plugin/alertFilters-release-10.zap191[zap.out] 11634 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Installing new addon ascanrulesBeta v27.0.0192[zap.out] 11742 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Finished installing new addon ascanrulesBeta v27.0.0193[zap.out] 11763 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Installing new addon pscanrules v27.0.0194[zap.out] 11820 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure195[zap.out] 11821 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens196[zap.out] 11822 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set197[zap.out] 11823 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch198[zap.out] 11826 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP Scanner199[zap.out] 11827 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing200[zap.out] 11827 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag201[zap.out] 11827 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie202[zap.out] 11827 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without SameSite Attribute203[zap.out] 11828 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag204[zap.out] 11828 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration205[zap.out] 11828 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion206[zap.out] 11828 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages207[zap.out] 11828 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL208[zap.out] 11829 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header209[zap.out] 11829 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments210[zap.out] 11829 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method211[zap.out] 11829 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState212[zap.out] 11830 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content213[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure214[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite215[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure216[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found217[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate Scanner218[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header Scanner219[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing220[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak221[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Scanner222[zap.out] 11853 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)223[zap.out] 11872 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Finished installing new addon pscanrules v27.0.0224[zap.out] 11897 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Installing new addon alertFilters v10.0.0225[zap.out] 11929 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Finished installing new addon alertFilters v10.0.0226[zap.out] 11931 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on update check complete227[zap.out] 11937 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 0.0.0.0:54597228[zap.out] 12261 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control - Discard Session229[zap.out] 12297 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control - New Session230[zap.out] 12300 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control - Create and Open Untitled Db231[zap.out] 12323 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start232[zap.out] 12325 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit end233[zap.out] 12330 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - Database closed234[zap.out] 12604 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start235[zap.out] 12607 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end236[zap.out] 15720 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.extension.spider.SpiderThread - Starting spidering scan on Context: Target Context at Tue Feb 18 03:23:33 UTC 2020237[zap.out] 15722 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Spider initializing...238[zap.out] 15802 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Starting spider...239[zap.out] 15952 [ZAP-SpiderThreadPool-0-thread-2] INFO org.zaproxy.zap.spider.Spider - Spidering process is complete. Shutting down...240[zap.out] 15959 [ZAP-SpiderShutdownThread-0] INFO org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning complete: true241[zap.out] 17898 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner CSP Scanner failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/242[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;243[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentSecurityPolicyScanner.scanHttpResponseReceive(ContentSecurityPolicyScanner.java:95)244[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)245[zap.out] 17905 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Content-Type Header Missing failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/246[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;247[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentTypeMissingScanner.scanHttpResponseReceive(ContentTypeMissingScanner.java:49)248[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)249[zap.out] 17906 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie No HttpOnly Flag failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/250[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;251[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieHttpOnlyScanner.scanHttpResponseReceive(CookieHttpOnlyScanner.java:60)252[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)253[zap.out] 17908 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without SameSite Attribute failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/254[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;255[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.checkCookies(CookieSameSiteScanner.java:63)256[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.scanHttpResponseReceive(CookieSameSiteScanner.java:58)257[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)258[zap.out] 17910 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Weak Authentication Method failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/259[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpRequestHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;260[zap.out] at org.zaproxy.zap.extension.pscanrules.InsecureAuthenticationScan.scanHttpRequestSend(InsecureAuthenticationScan.java:86)261[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:197)262[zap.out] 17916 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Username Hash Found failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/263[zap.out] java.lang.NoSuchMethodError: org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getHelper()Lorg/zaproxy/zap/extension/pscan/PassiveScanData;264[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getUsers(UsernameIdorScanner.java:77)265[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.scanHttpResponseReceive(UsernameIdorScanner.java:88)266[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)267[zap.out] 17921 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-AspNet-Version Response Header Scanner failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/268[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;269[zap.out] at org.zaproxy.zap.extension.pscanrules.XAspNetVersionScanner.scanHttpResponseReceive(XAspNetVersionScanner.java:60)270[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)271[zap.out] 17922 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Debug-Token Information Leak failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/272[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;273[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.responseHasHeader(XDebugTokenScanner.java:119)274[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.scanHttpResponseReceive(XDebugTokenScanner.java:65)275[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)276[zap.out] 17922 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) failed on record 1 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/277[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;278[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.isXPoweredByHeaderExist(XPoweredByHeaderInfoLeakScanner.java:83)279[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.scanHttpResponseReceive(XPoweredByHeaderInfoLeakScanner.java:62)280[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)281[zap.out] 17955 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Incomplete or No Cache-control and Pragma HTTP Header Set failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/282[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;283[zap.out] at org.zaproxy.zap.extension.pscanrules.CacheControlScanner.scanHttpResponseReceive(CacheControlScanner.java:73)284[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)285[zap.out] 17958 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner CSP Scanner failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/286[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;287[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentSecurityPolicyScanner.scanHttpResponseReceive(ContentSecurityPolicyScanner.java:95)288[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)289[zap.out] 17958 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Content-Type Header Missing failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/290[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;291[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentTypeMissingScanner.scanHttpResponseReceive(ContentTypeMissingScanner.java:49)292[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)293[zap.out] 17958 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie No HttpOnly Flag failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/294[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;295[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieHttpOnlyScanner.scanHttpResponseReceive(CookieHttpOnlyScanner.java:60)296[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)297[zap.out] 17959 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without SameSite Attribute failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/298[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;299[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.checkCookies(CookieSameSiteScanner.java:63)300[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.scanHttpResponseReceive(CookieSameSiteScanner.java:58)301[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)302[zap.out] 17962 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without Secure Flag failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/303[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;304[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSecureFlagScanner.scanHttpResponseReceive(CookieSecureFlagScanner.java:65)305[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)306[zap.out] 17964 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Username Hash Found failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/307[zap.out] java.lang.NoSuchMethodError: org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getHelper()Lorg/zaproxy/zap/extension/pscan/PassiveScanData;308[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getUsers(UsernameIdorScanner.java:77)309[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.scanHttpResponseReceive(UsernameIdorScanner.java:88)310[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)311[zap.out] 17966 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-AspNet-Version Response Header Scanner failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/312[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;313[zap.out] at org.zaproxy.zap.extension.pscanrules.XAspNetVersionScanner.scanHttpResponseReceive(XAspNetVersionScanner.java:60)314[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)315[zap.out] 17966 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Content-Type-Options Header Missing failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/316[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;317[zap.out] at org.zaproxy.zap.extension.pscanrules.XContentTypeOptionsScanner.scanHttpResponseReceive(XContentTypeOptionsScanner.java:66)318[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)319[zap.out] 17966 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Debug-Token Information Leak failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/320[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;321[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.responseHasHeader(XDebugTokenScanner.java:119)322[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.scanHttpResponseReceive(XDebugTokenScanner.java:65)323[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)324[zap.out] 17967 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Frame-Options Header Scanner failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/325[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;326[zap.out] at org.zaproxy.zap.extension.pscanrules.XFrameOptionScanner.scanHttpResponseReceive(XFrameOptionScanner.java:78)327[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)328[zap.out] 17969 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) failed on record 3 from History table: GET https://dast-4422333-dast-default.34.67.11.220.nip.io/329[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;330[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.isXPoweredByHeaderExist(XPoweredByHeaderInfoLeakScanner.java:83)331[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.scanHttpResponseReceive(XPoweredByHeaderInfoLeakScanner.java:62)332[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)333[zap.out] 17991 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner CSP Scanner failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/334[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;335[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentSecurityPolicyScanner.scanHttpResponseReceive(ContentSecurityPolicyScanner.java:95)336[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)337[zap.out] 17995 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Content-Type Header Missing failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/338[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;339[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentTypeMissingScanner.scanHttpResponseReceive(ContentTypeMissingScanner.java:49)340[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)341[zap.out] 17998 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie No HttpOnly Flag failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/342[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;343[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieHttpOnlyScanner.scanHttpResponseReceive(CookieHttpOnlyScanner.java:60)344[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)345[zap.out] 17999 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without SameSite Attribute failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/346[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;347[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.checkCookies(CookieSameSiteScanner.java:63)348[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.scanHttpResponseReceive(CookieSameSiteScanner.java:58)349[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)350[zap.out] 18000 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Weak Authentication Method failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/351[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpRequestHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;352[zap.out] at org.zaproxy.zap.extension.pscanrules.InsecureAuthenticationScan.scanHttpRequestSend(InsecureAuthenticationScan.java:86)353[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:197)354[zap.out] 18001 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Username Hash Found failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/355[zap.out] java.lang.NoSuchMethodError: org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getHelper()Lorg/zaproxy/zap/extension/pscan/PassiveScanData;356[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getUsers(UsernameIdorScanner.java:77)357[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.scanHttpResponseReceive(UsernameIdorScanner.java:88)358[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)359[zap.out] 18002 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-AspNet-Version Response Header Scanner failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/360[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;361[zap.out] at org.zaproxy.zap.extension.pscanrules.XAspNetVersionScanner.scanHttpResponseReceive(XAspNetVersionScanner.java:60)362[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)363[zap.out] 18002 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Debug-Token Information Leak failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/364[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;365[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.responseHasHeader(XDebugTokenScanner.java:119)366[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.scanHttpResponseReceive(XDebugTokenScanner.java:65)367[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)368[zap.out] 18005 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) failed on record 9 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/369[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;370[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.isXPoweredByHeaderExist(XPoweredByHeaderInfoLeakScanner.java:83)371[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.scanHttpResponseReceive(XPoweredByHeaderInfoLeakScanner.java:62)372[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)373[zap.out] 18023 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner CSP Scanner failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt374[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;375[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentSecurityPolicyScanner.scanHttpResponseReceive(ContentSecurityPolicyScanner.java:95)376[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)377[zap.out] 18024 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Content-Type Header Missing failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt378[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;379[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentTypeMissingScanner.scanHttpResponseReceive(ContentTypeMissingScanner.java:49)380[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)381[zap.out] 18024 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie No HttpOnly Flag failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt382[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;383[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieHttpOnlyScanner.scanHttpResponseReceive(CookieHttpOnlyScanner.java:60)384[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)385[zap.out] 18024 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without SameSite Attribute failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt386[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;387[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.checkCookies(CookieSameSiteScanner.java:63)388[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.scanHttpResponseReceive(CookieSameSiteScanner.java:58)389[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)390[zap.out] 18026 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Weak Authentication Method failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt391[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpRequestHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;392[zap.out] at org.zaproxy.zap.extension.pscanrules.InsecureAuthenticationScan.scanHttpRequestSend(InsecureAuthenticationScan.java:86)393[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:197)394[zap.out] 18029 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Username Hash Found failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt395[zap.out] java.lang.NoSuchMethodError: org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getHelper()Lorg/zaproxy/zap/extension/pscan/PassiveScanData;396[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getUsers(UsernameIdorScanner.java:77)397[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.scanHttpResponseReceive(UsernameIdorScanner.java:88)398[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)399[zap.out] 18030 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-AspNet-Version Response Header Scanner failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt400[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;401[zap.out] at org.zaproxy.zap.extension.pscanrules.XAspNetVersionScanner.scanHttpResponseReceive(XAspNetVersionScanner.java:60)402[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)403[zap.out] 18030 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Debug-Token Information Leak failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt404[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;405[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.responseHasHeader(XDebugTokenScanner.java:119)406[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.scanHttpResponseReceive(XDebugTokenScanner.java:65)407[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)408[zap.out] 18030 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) failed on record 10 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt409[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;410[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.isXPoweredByHeaderExist(XPoweredByHeaderInfoLeakScanner.java:83)411[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.scanHttpResponseReceive(XPoweredByHeaderInfoLeakScanner.java:62)412[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)413[zap.out] 18071 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner CSP Scanner failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml414[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;415[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentSecurityPolicyScanner.scanHttpResponseReceive(ContentSecurityPolicyScanner.java:95)416[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)417[zap.out] 18074 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Content-Type Header Missing failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml418[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;419[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentTypeMissingScanner.scanHttpResponseReceive(ContentTypeMissingScanner.java:49)420[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)421[zap.out] 18076 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie No HttpOnly Flag failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml422[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;423[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieHttpOnlyScanner.scanHttpResponseReceive(CookieHttpOnlyScanner.java:60)424[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)425[zap.out] 18076 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without SameSite Attribute failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml426[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;427[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.checkCookies(CookieSameSiteScanner.java:63)428[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.scanHttpResponseReceive(CookieSameSiteScanner.java:58)429[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)430[zap.out] 18076 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Weak Authentication Method failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml431[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpRequestHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;432[zap.out] at org.zaproxy.zap.extension.pscanrules.InsecureAuthenticationScan.scanHttpRequestSend(InsecureAuthenticationScan.java:86)433[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:197)434[zap.out] 18077 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Username Hash Found failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml435[zap.out] java.lang.NoSuchMethodError: org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getHelper()Lorg/zaproxy/zap/extension/pscan/PassiveScanData;436[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.getUsers(UsernameIdorScanner.java:77)437[zap.out] at org.zaproxy.zap.extension.pscanrules.UsernameIdorScanner.scanHttpResponseReceive(UsernameIdorScanner.java:88)438[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)439[zap.out] 18077 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-AspNet-Version Response Header Scanner failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml440[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;441[zap.out] at org.zaproxy.zap.extension.pscanrules.XAspNetVersionScanner.scanHttpResponseReceive(XAspNetVersionScanner.java:60)442[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)443[zap.out] 18077 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner X-Debug-Token Information Leak failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml444[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;445[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.responseHasHeader(XDebugTokenScanner.java:119)446[zap.out] at org.zaproxy.zap.extension.pscanrules.XDebugTokenScanner.scanHttpResponseReceive(XDebugTokenScanner.java:65)447[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)448[zap.out] 18077 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) failed on record 11 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml449[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;450[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.isXPoweredByHeaderExist(XPoweredByHeaderInfoLeakScanner.java:83)451[zap.out] at org.zaproxy.zap.extension.pscanrules.XPoweredByHeaderInfoLeakScanner.scanHttpResponseReceive(XPoweredByHeaderInfoLeakScanner.java:62)452[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)453[zap.out] 18086 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner CSP Scanner failed on record 12 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io454[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;455[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentSecurityPolicyScanner.scanHttpResponseReceive(ContentSecurityPolicyScanner.java:95)456[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)457[zap.out] 18087 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Content-Type Header Missing failed on record 12 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io458[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;459[zap.out] at org.zaproxy.zap.extension.pscanrules.ContentTypeMissingScanner.scanHttpResponseReceive(ContentTypeMissingScanner.java:49)460[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)461[zap.out] 18088 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie No HttpOnly Flag failed on record 12 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io462[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;463[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieHttpOnlyScanner.scanHttpResponseReceive(CookieHttpOnlyScanner.java:60)464[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)465[zap.out] 18089 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Cookie Without SameSite Attribute failed on record 12 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io466[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpResponseHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;467[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.checkCookies(CookieSameSiteScanner.java:63)468[zap.out] at org.zaproxy.zap.extension.pscanrules.CookieSameSiteScanner.scanHttpResponseReceive(CookieSameSiteScanner.java:58)469[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:199)470[zap.out] 18089 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Weak Authentication Method failed on record 12 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io471[zap.out] java.lang.NoSuchMethodError: org.parosproxy.paros.network.HttpRequestHeader.getHeaderValues(Ljava/lang/String;)Ljava/util/List;472[zap.out] at org.zaproxy.zap.extension.pscanrules.InsecureAuthenticationScan.scanHttpRequestSend(InsecureAuthenticationScan.java:86)473[zap.out] at org.zaproxy.zap.extension.pscan.PassiveScanThread.run(PassiveScanThread.java:197)474[zap.out] 18090 [ZAP-PassiveScanner] ERROR org.zaproxy.zap.extension.pscan.PassiveScanThread - Scanner Username Hash Found failed on record 12 from History table: GET http://dast-4422333-dast-default.34.67.11.220.nip.io475Total of 4 URLs476PASS: Cookie No HttpOnly Flag [10010]477PASS: Cookie Without Secure Flag [10011]478PASS: Incomplete or No Cache-control and Pragma HTTP Header Set [10015]479PASS: Cross-Domain JavaScript Source File Inclusion [10017]480PASS: Content-Type Header Missing [10019]481PASS: X-Frame-Options Header Scanner [10020]482PASS: X-Content-Type-Options Header Missing [10021]483PASS: Information Disclosure - Debug Error Messages [10023]484PASS: Information Disclosure - Sensitive Information in URL [10024]485PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025]486PASS: HTTP Parameter Override [10026]487PASS: Information Disclosure - Suspicious Comments [10027]488PASS: Open Redirect [10028]489PASS: Cookie Poisoning [10029]490PASS: User Controllable Charset [10030]491PASS: User Controllable HTML Element Attribute (Potential XSS) [10031]492PASS: Viewstate Scanner [10032]493PASS: Directory Browsing [10033]494PASS: Heartbleed OpenSSL Vulnerability (Indicative) [10034]495PASS: Strict-Transport-Security Header Scanner [10035]496PASS: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037]497PASS: Content Security Policy (CSP) Header Not Set [10038]498PASS: X-Backend-Server Header Information Leak [10039]499PASS: Secure Pages Include Mixed Content [10040]500PASS: HTTP to HTTPS Insecure Transition in Form Post [10041]501PASS: HTTPS to HTTP Insecure Transition in Form Post [10042]502PASS: User Controllable JavaScript Event (XSS) [10043]503PASS: Big Redirect Detected (Potential Sensitive Information Leak) [10044]504PASS: Retrieved from Cache [10050]505PASS: X-ChromeLogger-Data (XCOLD) Header Information Leak [10052]506PASS: Cookie Without SameSite Attribute [10054]507PASS: CSP Scanner [10055]508PASS: X-Debug-Token Information Leak [10056]509PASS: Username Hash Found [10057]510PASS: X-AspNet-Version Response Header Scanner [10061]511PASS: PII Scanner [10062]512PASS: Timestamp Disclosure [10096]513PASS: Hash Disclosure [10097]514PASS: Cross-Domain Misconfiguration [10098]515PASS: Weak Authentication Method [10105]516PASS: Reverse Tabnabbing [10108]517PASS: Absence of Anti-CSRF Tokens [10202]518PASS: Private IP Disclosure [2]519PASS: Session ID in URL Rewrite [3]520PASS: Script Passive Scan Rules [50001]521PASS: Insecure JSF ViewState [90001]522PASS: Charset Mismatch [90011]523PASS: Application Error Disclosure [90022]524PASS: Loosely Scoped Cookie [90033]525WARN-NEW: Server Leaks Version Information via "Server" HTTP Response Header Field [10036] x 4 530FAIL-NEW: 0 FAIL-INPROG: 0 WARN-NEW: 1 WARN-INPROG: 0 INFO: 0 IGNORE: 0 PASS: 49532gl-dast-report.json: found 1 matching files 533Uploading artifacts to coordinator... ok id=37087813 responseStatus=201 Created token=SJxY3kSx534Job succeeded