7/18/23, 12:25 AM www.rivatravel.com Website Security Test | ImmuniWeb
Summary of www.rivatravel.com [Desktop version] Website Security Test
rivatravel.com was tested 2 times during the last 12 months.
Your final score: [grade graphic; letters extracted from it: A, C, B, C, F]
Tested on: Jul 17th, 2023 23:34:16 GMT+5:30
Server IP: 103.73.188.242
Reverse DNS: smtp6-18.latestnewsmails.com
Location: Gugal Pimpari
Client: Desktop version
Software Security Test: 2 ISSUES FOUND
Compliance Test: 1 ISSUE FOUND
Compliance Test: 3 ISSUES FOUND
Content Security Policy Test: MISSING
Headers Security Test: NO ISSUES FOUND
The website has at least one folder with enabled directory listing, putting its content at risk. Misconfiguration or weakness
https://www.immuniweb.com/websec/www.rivatravel.com/ynZgV3mb/ 1/17
Web Server Security Test
HTTP RESPONSE: 200 OK
HTTP VERSIONS: HTTP/1.0 HTTP/1.1 HTTP/2
NPN: N/A
ALPN: HTTP/1.1
CONTENT ENCODING: None
SERVER SIGNATURE: Apache
WAF: No WAF detected
LOCATION: RackBank Datacenters Private Ltd
HTTP METHODS ENABLED
✔ GET ✔ POST ✔ HEAD ✔ OPTIONS ✔ DELETE ✔ PUT ✔ TRACK ✔ CUSTOM
DIRECTORY LISTING ENABLED
The website has at least one folder with enabled directory listing: https://www.rivatravel.com/extras/system/library/javascript/ .
Web Software Security Test
Web Software Found: 7
Web Software Outdated: 6
Web Software Vulnerabilities: 15
Fingerprinted CMS & Vulnerabilities
No CMS were fingerprinted on the website. Information
Fingerprinted CMS Components & Vulnerabilities
jQuery 2.1.1
The fingerprinted component version is outdated and vulnerable to publicly known vulnerabilities. Urgently update to the most recent version 3.7.0.
CVSSv3.1 Score Vulnerability CVE-ID CVE Vulnerability Type
5.5 Medium CVE-2020-11022 CWE-79 - Cross-site scripting
4.8 Medium CVE-2019-11358 CWE-400 - Prototype pollution
4.1 Medium CVE-2020-11023 CWE-79 - Cross-site scripting
jQuery UI 1.11.4
The fingerprinted component version is outdated and vulnerable to publicly known vulnerabilities. Urgently update to the most recent version 1.13.2.
CVSSv3.1 Score Vulnerability CVE-ID CVE Vulnerability Type
5.5 Medium CVE-2021-41184 CWE-79 - Cross-site scripting
5.3 Medium CVE-2021-41182 CWE-79 - Cross-site scripting
5.3 Medium CVE-2021-41183 CWE-79 - Cross-site scripting
5.3 Medium CVE-2016-7103 CWE-79 - Cross-site scripting
4.1 Medium CVE-2022-31160 CWE-79 - Cross-site scripting
GDPR Compliance Test
If the website processes or stores personal data of the EU residents, the following requirements of EU GDPR may apply:
PRIVACY POLICY
Privacy Policy was found on the website. Good configuration
WEBSITE SECURITY
Website CMS or its components are outdated and contain publicly known security vulnerabilities. Misconfiguration or weakness
TLS ENCRYPTION
HTTPS encryption is present on the web server. Good configuration
COOKIE PROTECTION
Cookies with personal or tracking information are sent with Secure flag. Good configuration
COOKIE DISCLAIMER
Third-party cookies or cookies with tracking information are sent, cookie disclaimer was found on the website. Good configuration
PCI DSS Compliance Test
If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may apply:
REQUIREMENT 6.2
Website CMS or its components seem to be outdated. Check for available updates. Misconfiguration or weakness
REQUIREMENT 6.5
Fingerprinted website CMS or its components contain publicly known vulnerabilities (Ref. PCI DSS 6.5.1-6.5.10). Misconfiguration or weakness
REQUIREMENT 6.6
No WAF was detected on the website. Implement a WAF to protect the website against common web attacks. Misconfiguration or weakness
HTTP Headers Security
Some HTTP headers related to security and privacy are missing or misconfigured. Misconfiguration or weakness
MISSING OPTIONAL HTTP HEADERS
Access-Control-Allow-Origin Permissions-Policy
SERVER
Web server does not disclose its version. Good configuration
Server
Server: Apache
STRICT-TRANSPORT-SECURITY
The header is properly set. Good configuration
Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Directives
Name Description Alerts
max-age Sets the time browsers must enforce the use of HTTPS to browse the website. No problems found
X-FRAME-OPTIONS
The header is properly set. Good configuration
X-Frame-Options
X-Frame-Options: sameorigin
X-CONTENT-TYPE-OPTIONS
The header is properly set. Good configuration
X-Content-Type-Options
X-Content-Type-Options: nosniff
REFERRER-POLICY
The header is properly set. Good configuration
Referrer-Policy
Referrer-Policy: no-referrer
Content Security Policy Test
CONTENT-SECURITY-POLICY
The header was not sent by the server. Misconfiguration or weakness
CONTENT-SECURITY-POLICY-REPORT-ONLY
The header was not sent by the server. Information
Cookies Privacy and Security Analysis
Some cookies have missing secure flags or attributes. Misconfiguration or weakness
COOKIE: TRAVELS
The cookie has Secure and HttpOnly attributes set. Good configuration
The cookie is missing SameSite flag. Make sure it does not store sensitive information. Misconfiguration or weakness
Directives
Name | Value | Description
expires | Mon, 17-Jul-2023 19:58:54 GMT | Sets the maximum lifetime of the cookie using a date.
max-age | 7200 | Sets the maximum lifetime of the cookie using a time in seconds.
path | / | Sets the path of the application where the cookie should be sent.
httponly | ✅ | Prevents client-side scripts from accessing the cookie by telling browsers to only transmit the cookie over HTTP(S).
secure | ✅ | Prevents browsers from sending this cookie over an insecure connection.
COOKIE: TRAVELS
The cookie has Secure and HttpOnly attributes set. Good configuration
The cookie is missing SameSite flag. Make sure it does not store sensitive information. Misconfiguration or weakness
Directives
Name | Value | Description
expires | Mon, 17-Jul-2023 19:58:54 GMT | Sets the maximum lifetime of the cookie using a date.
max-age | 7200 | Sets the maximum lifetime of the cookie using a time in seconds.
path | / | Sets the path of the application where the cookie should be sent.
httponly | ✅ | Prevents client-side scripts from accessing the cookie by telling browsers to only transmit the cookie over HTTP(S).
secure | ✅ | Prevents browsers from sending this cookie over an insecure connection.
COOKIE: TRAVELS
The cookie has Secure and HttpOnly attributes set. Good configuration
The cookie is missing SameSite flag. Make sure it does not store sensitive information. Misconfiguration or weakness
Directives
Name | Value | Description
expires | Mon, 17-Jul-2023 19:58:54 GMT | Sets the maximum lifetime of the cookie using a date.
max-age | 7200 | Sets the maximum lifetime of the cookie using a time in seconds.
path | / | Sets the path of the application where the cookie should be sent.
httponly | ✅ | Prevents client-side scripts from accessing the cookie by telling browsers to only transmit the cookie over HTTP(S).
secure | ✅ | Prevents browsers from sending this cookie over an insecure connection.
External Content Privacy and Security Analysis
EXTERNAL CONTENT ON HOMEPAGE
External web content (e.g. images, video, CSS or JavaScript) can improve website loading time. However, external content can also put the privacy of website visitors at risk, given that some information about them is transmitted to the third parties operating the external resources, sometimes even without proper HTTPS encryption or user consent.
External HTTP Requests: 12
Failed HTTP Requests: 1
www.facebook.com
https://www.facebook.com/x/oauth/status?client_id=683582740114272&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.rivatravel.com%2F&sdk=joey&wants_cookie_data=true
fonts.googleapis.com
https://fonts.googleapis.com/css?family=Righteous
https://fonts.googleapis.com/css?family=Roboto
https://fonts.googleapis.com/css?family=Lato|Source+Sans+Pro
cdnjs.cloudflare.com
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.1/css/select2.min.css