HTTP to HTTPS Insecure Transition in Form Post
- Risk:
Medium
- Type:
- Passive
- CWE:
- CWE-319
- Summary
This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.
- Solution
Use HTTPS for landing pages that host secure forms.
- Other info
- The response to the following request over HTTP included an HTTPS form tag action attribute value: http://example.com The context was: <form name="someform" action="https://example.com/processform">
AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more
Oracle silently fixes zero-day exploit leaked by ShinyHunters
CISA: High-severity Windows SMB flaw now exploited in attacks
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
Hackers exploiting critical "SessionReaper" flaw in Adobe Magento
Over 75,000 WatchGuard security devices vulnerable to critical RCE
Russian hackers evolve malware pushed in "I am not a robot" captchas
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Hackers exploit 34 zero-days on first day of Pwn2Own Ireland
CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2007-0671 Microsoft Office Excel Remote Code Execution Vulnerability
CVE-2017-0144 Microsoft SMBv1 Remote Code Execution Vulnerability
Free online web security scanner