Scan Notes Severity Details in WAS

Tenable.io Web Application Scanning uses the severity ratings described below to categorize scan notes that appear in your scan results.

Rating: Critical

Description: Information explaining that the scan may have impacted the web application's availability or integrity.

The scan note title appears in red.

Example: Service Stopped Responding — The scanner aborted the scan after encountering too many consecutive request timeouts. The scan results may be incomplete, and you should verify that the target is not corrupted or unavailable.

Tenable recommends that you investigate the repeated timeouts to determine why the target cannot support the requests the scanner sent. You may need to decrease performance configurations in the scan template.

Rating: High

Description: Information explaining that the scan stopped unexpectedly before the scanner finished analyzing the web application targets. As a result, the scan did not sufficiently analyze the web application for vulnerabilities, and the user should troubleshoot and re-attempt the scan.

The scan note title appears in yellow.

Example: Scan Crashed — The scan crashed for an unexpected reason. As a result, the scan results are missing or incomplete.

Rating: Medium

Description: Information explaining why scan results are missing or incomplete. The findings usually concern scans that could not be started due to configuration errors. The web application is not impacted.

The scan note title appears in black and white.

Example: Out of Scope URL — The scanner did not scan the target URL because it matches one of the scope exclusion criteria specified in the scan template settings.

Rating: Low

Description: Information explaining variations in scan duration. The findings do not impact the web application or scan results.

The scan note title appears in green.

Example: Target Response Has Been Truncated — The target scan results exceeded the Max Response Size specified in the scan configurations. As a result, the content is truncated, which could cause data collection and assessment errors.

Rating: Info

Description: Information that does not impact the scan results, but that can help you configure your scan settings more efficiently.

The scan note title appears in blue.

Example: Authentication Detected — The scanner detected an HTTP server authentication or login form. You can configure your credentials to allow the scanner to access more pages.