Get plugin details

GET {{baseUrl}}/was/v2/plugins/:plugin_id

Returns details for the specified Tenable.io Web Application Scanning plugin.

Requires BASIC [16] user permissions. See Permissions.

RESPONSES

status: OK

{"plugin_id":98074,"name":"Backup file","family":"Data Exposure","solution":"Do not keep obsolete versions of files under the virtual web server root.","description":"A common practice when administering web applications is to create a copy/backup\n  of a particular file or directory prior to making any modification to the file.\n  Another common practice is to add an extension or change the name of the original\n  file to signify that it is a backup (examples include `.bak`, `.orig`, `.backup`,\n  etc.).\n\n  During the initial recon stages of an attack, cyber-criminals will attempt to\n  locate backup files by adding common extensions onto files already discovered on\n  the webserver. By analysing the response headers from the server they are able to\n  determine if the backup file exists.\n  These backup files can then assist in the compromise of the web application.\n\n  By utilising the same method, scanner was able to discover a possible backup file.","synopsis":"Backup file","published":"2017-03-31T00:00:00Z","patch_published":null,"plugin_modified":"2017-10-16T00:00:00Z","risk_factor":"medium","see_also":["http://www.webappsec.org/projects/threat/classes/information_leakage.shtml","https://www.owasp.org/index.php/Review_Old,_Backup_and_Unreferenced_Files_for_Sensitive_Information_(OTG-CONFIG-004)"],"cvss3_base_score":5.3,"wasc":["Predictable Resource Location"],"cwe":["530"],"owasp":[{"year":"2010","category":"A6"},{"year":"2013","category":"A5"},{"year":"2017","category":"A6"}]}