IP,Hostname,Port,Port Protocol,CVSS,Severity,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References 192.168.11.101,server1101.example.com,,,9.8,High,"VendorFix","QNAP QTS Multiple Arbitrary Command Execution Vulnerabilities","QNAP QTS is prone to multiple arbitrary command execution vulnerabilities.","Installed version: unknown Installed build: [ ] Fixed version: 4.2.4 Fixed build: 20170313 ",1.3.6.1.4.1.25623.1.0.140219,"CVE-2017-6361,CVE-2017-6360,CVE-2017-6359",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to QNAP QTS 4.2.4 Build 20170313 or later.","QNAP QTS version prior to 4.2.4 Build 20170313.","","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Multiple Arbitrary Command Execution Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.140219) Version used: 2022-05-25T00:00:57Z ","","","","" 192.168.11.101,server1101.example.com,,,9.8,High,"VendorFix","QNAP QTS Multiple RCE Vulnerabilities","QNAP QTS is prone to multiple remote code execution (RCE) vulnerabilities.","Installed version: unknown Installed build: [ ] Fixed version: 4.2.6 Fixed build: 20171208 ",1.3.6.1.4.1.25623.1.0.113076,"CVE-2017-17027,CVE-2017-17028,CVE-2017-17029,CVE-2017-17030,CVE-2017-17031,CVE-2017-17032,CVE-2017-17033",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation would allow an attacker to execute arbitrary code on the machine.","Update to QNAP QTS version 4.2.6 build 20171208, 4.3.3 build 20171205 or 4.3.4 build 20171208 respectively.","QNAP QTS versions 4.2.6 build 20171026, 4.3.3 build 20171117, 4.3.4 build 20171116 and earlier.","","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Multiple RCE Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.113076) Version used: 2022-05-25T00:00:55Z ","","","","" 192.168.11.101,server1101.example.com,,,7.8,High,"VendorFix","QNAP QTS < 4.2.3 build 20170213 Multiple Vulnerabilities","QNAP QTS is prone to multiple vulnerabilities","Installed version: unknown Installed build: [ ] Fixed version: 4.2.3 Fixed build: 20170213 ",1.3.6.1.4.1.25623.1.0.140172,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker in a privileged network position can Man-in-The-Middle the firmware update check and exploit the command injection vulnerability to execute arbitrary commands on the targeted device, eavesdrop the myQNAPcloud credentials and the requests performed.","Update to QNAP QTS 4.2.3 build 20170213 or later.","QNAP QTS < 4.2.3 build 20170213","QNAP QTS software firmware update functionality include Missing transport layer security (CWE-319), command injection (CWE-77) and cross-site scripting (CWE-79) vulnerabilities. QNAP QTS myQNAPcloud functionality includes improper certificate validation (CWE-295) vulnerability. QNAP QTS media scraping functionality automatically scrapes Google and IMDB for media information (for example album cover images). The functionality contains an Information Exposure (CWE-200) vulnerability.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS < 4.2.3 build 20170213 Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.140172) Version used: 2022-05-25T00:00:57Z ","","","","" 192.168.11.101,server1101.example.com,,,6.1,Medium,"VendorFix","QNAP QTS XSS Vulnerability (Apr18)","QNAP QTS is prone to a cross-site scripting (XSS) vulnerability.","Installed version: unknown Installed build: [ ] Fixed version: 4.2.6 Fixed build: 20171208 ",1.3.6.1.4.1.25623.1.0.813120,"CVE-2017-7632",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to conduct cross-site scripting attacks.","Upgrade to QNAP QTS 4.2.6 build 20171028 or 4.3.3 Build 20170901 or later.","QNAP QTS versions 4.2.6 build 20171026 and prior, 4.3.3 build 20170727 and prior.","The flaw exists as application does not properly filter HTML code from user-supplied input before displaying the input.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS XSS Vulnerability (Apr18) (OID: 1.3.6.1.4.1.25623.1.0.813120) Version used: 2022-05-25T00:00:57Z ","","","","" 192.168.11.101,server1101.example.com,8080,tcp,6.1,Medium,"VendorFix","QNAP QTS XSS Vulnerability (nas-201804-27)","QNAP QTS is prone to a cross-site scripting (XSS) vulnerability.","Installed version: unknown Installed build: [ ] Fixed version: 4.3.3 Fixed build: 20180402 ",1.3.6.1.4.1.25623.1.0.813195,"CVE-2018-0711",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to conduct XSS attacks.","Upgrade to QNAP QTS 4.3.3 build 20180402 or 4.3.4 build 20180413 or later. Please see the references for more information.","QNAP QTS versions 4.3.3 build 20180126 and earlier, 4.3.4 build 20180315 and earlier.","The flaw exists as the application does not properly filter HTML code from user-supplied input before displaying the input.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS XSS Vulnerability (nas-201804-27) (OID: 1.3.6.1.4.1.25623.1.0.813195) Version used: 2022-05-25T00:00:55Z ","","","","" 192.168.11.101,server1101.example.com,,,5.3,Medium,"VendorFix","QNAP QTS sysinfoReq.cgi Information Disclosure Vulnerability-Apr18","QNAP QTS is prone to an information disclosure vulnerability.","Installed version: unknown Installed build: [ ] Fixed version: 4.2.6 Fixed build: 20170905 ",1.3.6.1.4.1.25623.1.0.813119,"CVE-2017-7630",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to gain access to potentially sensitive information.","Upgrade to QNAP QTS 4.2.6 build 20170905 or 4.3.3.0351 Build 20171023 or later. Please see the references for more information.","QNAP QTS 4.2.x prior to 4.2.6 build 20170905 and 4.3.x prior to 4.3.3.0351 Build 20171023.","The flaw exists due to an error in the 'sysinfoReq.cgi' script.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS 'sysinfoReq.cgi' Information Disclosure Vulnerability-Apr18 (OID: 1.3.6.1.4.1.25623.1.0.813119) Version used: 2022-05-25T00:00:57Z ","","","","" 192.168.11.101,server1101.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 2399768717 Packet 2: 2399769811 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.11.100,server1100.example.com,,,9.8,High,"VendorFix","QNAP QTS Multiple Command Injection Vulnerabilities (QSA-21-29)","QNAP QTS is prone to multiple command injection vulnerabilities.","Installed version: 4.3.5_20181114 Fixed version: 4.5.1_20210107 ",1.3.6.1.4.1.25623.1.0.117527,"CVE-2021-28802,CVE-2021-28804",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.5.1.1540 build 20210107 or later.","QNAP NAS QTS prior version 4.5.1.1540 build 20210107.","Multiple command injection vulnerabilities have been reported to affect QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Multiple Command Injection Vulnerabilities (QSA-21-29) (OID: 1.3.6.1.4.1.25623.1.0.117527) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0707","" 192.168.11.100,server1100.example.com,,,9.8,High,"VendorFix","QNAP QTS Command Injection Vulnerability (QSA-21-05)","QNAP QTS is prone to a command injection vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.3.6_20210322 ",1.3.6.1.4.1.25623.1.0.145776,"CVE-2020-2509",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","See the referenced vendor advisory for a solution.","","A command injection vulnerability has been reported to affect QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Command Injection Vulnerability (QSA-21-05) (OID: 1.3.6.1.4.1.25623.1.0.145776) Version used: 2022-08-09T00:00:17Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0341","" 192.168.11.100,server1100.example.com,,,9.8,High,"VendorFix","QNAP QTS Command Injection Vulnerability (QSA-21-28)","QNAP QTS is prone to a command injection vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.3.6_20210504 ",1.3.6.1.4.1.25623.1.0.117511,"CVE-2021-28800",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.","See the referenced vendor advisory for a solution.","","A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Command Injection Vulnerability (QSA-21-28) (OID: 1.3.6.1.4.1.25623.1.0.117511) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0462","" 192.168.11.100,server1100.example.com,,,9.8,High,"VendorFix","QNAP QTS Command Injection Vulnerability (QSA-20-16)","QNAP QTS is prone to a command injection vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.4.3_20200702 ",1.3.6.1.4.1.25623.1.0.145024,"CVE-2019-7198",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.","Update to version 4.4.3.1354 build 20200702, 4.5.1.1456 build 20201015 or later.","QNAP QTS prior to versions 4.4.3.1354 build 20200702 and 4.5.1.1456 build 20201015.","","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Command Injection Vulnerability (QSA-20-16) (OID: 1.3.6.1.4.1.25623.1.0.145024) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K20/1202","" 192.168.11.100,server1100.example.com,,,9.8,High,"VendorFix","QNAP QTS < 4.3.6.1620 Build 20210322 Multiple Vulnerabilities","This VT has been replaced by VT 'QNAP QTS Command Injection Vulnerability (QSA-21-05)' (OID: 1.3.6.1.4.1.25623.1.0.145776). QNAP QTS is prone to multiple vulnerabilities.","Installed version: 4.3.5_20181114 Fixed version: 4.3.6_20210322 ",1.3.6.1.4.1.25623.1.0.117291,"CVE-2020-2509,CVE-2020-9490",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.3.6.1620 Build 20210322 or later.","QNAP QTS prior to version 4.3.6.1620 Build 20210322.","The following flaws exist: - CVE-2020-2509: command injection vulnerability - CVE-2020-9490: a vulnerability in Apache HTTP server","Checks if a vulnerable version is present on the target host. Details: QNAP QTS < 4.3.6.1620 Build 20210322 Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.117291) Version used: 2022-08-09T00:00:17Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","DFN-CERT-2022-0074,DFN-CERT-2020-2338,DFN-CERT-2020-1985,DFN-CERT-2020-1905,DFN-CERT-2020-1793,DFN-CERT-2020-1744,WID-SEC-2023-0063,CB-K21/0341,CB-K21/0068,CB-K20/0798","" 192.168.11.100,server1100.example.com,,,7.5,High,"VendorFix","QNAP QTS Directory Traversal Vulnerability (QSA-21-14)","QNAP QTS is prone to a directory traversal vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.3.6_20210504 ",1.3.6.1.4.1.25623.1.0.146013,"CVE-2021-28798",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.3.3.1624 Build 20210416, 4.3.6.1663 Build 20210504, 4.5.2.1630 Build 20210406 or later.","QNAP NAS QTS prior version 4.3.3.1624 Build 20210416, 4.3.6.1663 Build 20210504 and 4.5.2.1630 Build 20210406.","A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS. If exploited, this vulnerability allows attackers to modify files that impact system integrity.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Directory Traversal Vulnerability (QSA-21-14) (OID: 1.3.6.1.4.1.25623.1.0.146013) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0560","" 192.168.11.100,server1100.example.com,,,7.2,High,"VendorFix","QNAP QTS Multiple Vulnerabilities (QSA-20-09)","QNAP QTS is prone to multiple vulnerabilities.","Installed version: 4.3.5_20181114 Fixed version: 4.4.3_20200907 ",1.3.6.1.4.1.25623.1.0.112840,"CVE-2020-2490,CVE-2020-2492",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"If exploited, these two command injection vulnerabilities could allow remote attackers to execute arbitrary commands.","Update to version 4.4.3.1421 build 20200907 or later.","QNAP QTS prior to version 4.4.3.1421 build 20200907","","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Multiple Vulnerabilities (QSA-20-09) (OID: 1.3.6.1.4.1.25623.1.0.112840) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K20/1181","" 192.168.11.100,server1100.example.com,,,7.2,High,"VendorFix","QNAP QTS Command Injection Vulnerability (QSA-21-01)","QNAP QTS is prone to an authenticated command injection vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.5.1_20201015 ",1.3.6.1.4.1.25623.1.0.145188,"CVE-2020-2508",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A command injection vulnerability has been reported to affect QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.","Update to version 4.5.1.1456 build 20201015 or later.","QNAP QTS prior to version 4.5.1.1456 build 20201015.","","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Command Injection Vulnerability (QSA-21-01) (OID: 1.3.6.1.4.1.25623.1.0.145188) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0017","" 192.168.11.100,server1100.example.com,,,6.8,Medium,"VendorFix","QNAP QTS SMB Vulnerability (QSA-21-27)","QNAP QTS is prone to an SMB out-of-bounds read vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.5.3_20210515 ",1.3.6.1.4.1.25623.1.0.146152,"CVE-2021-20254",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.5.3.1670 Build 20210515 or later.","QNAP NAS QTS prior version 4.5.3.1670 Build 20210515.","An SMB out-of-bounds read vulnerability has been reported to affect QNAP NAS running QTS. If exploited, this vulnerability allows attackers to obtain sensitive information on the system.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS SMB Vulnerability (QSA-21-27) (OID: 1.3.6.1.4.1.25623.1.0.146152) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","DFN-CERT-2022-1469,DFN-CERT-2022-0332,DFN-CERT-2022-0074,DFN-CERT-2021-2438,DFN-CERT-2021-2072,DFN-CERT-2021-1167,DFN-CERT-2021-0929,DFN-CERT-2021-0906,DFN-CERT-2021-0902,WID-SEC-2023-0063,WID-SEC-2022-0530,CB-K21/0451","" 192.168.11.100,server1100.example.com,,,6.1,Medium,"VendorFix","QNAP QTS Multiple XSS Vulnerabilities (QSA-20-12)","QNAP QTS is prone to multiple cross-site scripting (XSS) vulnerabilities.","Installed version: 4.3.5_20181114 Fixed version: 4.3.6_20200608 ",1.3.6.1.4.1.25623.1.0.145023,"CVE-2020-2495,CVE-2020-2496,CVE-2020-2497,CVE-2020-2498",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Multiple XSS vulnerabilities in File Station, System Connection Logs and certificate configuration could allow remote attackers to inject malicious code.","Update to version 4.2.6 build 20200611, 4.3.3.1315 build 20200611, 4.3.4.1368 build 20200703, 4.3.6.1333 build 20200608, 4.4.3.1354 build 20200702, 4.5.1.1456 build 20201015 or later.","QNAP QTS prior to versions 4.2.6 build 20200611, 4.3.3.1315 build 20200611, 4.3.4.1368 build 20200703, 4.3.6.1333 build 20200608, 4.4.3.1354 build 20200702 and 4.5.1.1456 build 20201015.","","Checks if a vulnerable version is present on the target host. Details: QNAP QTS Multiple XSS Vulnerabilities (QSA-20-12) (OID: 1.3.6.1.4.1.25623.1.0.145023) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K20/0626","" 192.168.11.100,server1100.example.com,,,6.1,Medium,"VendorFix","QNAP QTS XSS Vulnerability (QSA-21-04)","QNAP QTS is prone to a cross-site scripting (XSS) vulnerability in File Station.","Installed version: 4.3.5_20181114 Fixed version: 4.3.6_20200929 ",1.3.6.1.4.1.25623.1.0.145778,"CVE-2018-19942",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","See the referenced vendor advisory for a solution.","","An XSS vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS XSS Vulnerability (QSA-21-04) (OID: 1.3.6.1.4.1.25623.1.0.145778) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0395","" 192.168.11.100,server1100.example.com,,,6.1,Medium,"VendorFix","QNAP QTS XSS Vulnerability (QSA-21-32)","QNAP QTS is prone to a cross-site scripting (XSS) vulnerability.","Installed version: 4.3.5_20181114 Fixed version: 4.5.2_20210202 ",1.3.6.1.4.1.25623.1.0.117528,"CVE-2020-36194",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.5.2.1566 Build 20210202 or later.","QNAP NAS QTS prior version 4.5.2.1566 Build 20210202.","An XSS vulnerability has been reported to affect QNAP NAS running QTS. If exploited, this vulnerability allows attackers to inject malicious code.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS XSS Vulnerability (QSA-21-32) (OID: 1.3.6.1.4.1.25623.1.0.117528) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","CB-K21/0707","" 192.168.11.100,server1100.example.com,21,tcp,4.8,Medium,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s): Non-anonymous sessions: 331 Password required for openvasvt Anonymous sessions: 331 Password required for anonymous ",1.3.6.1.4.1.25623.1.0.108528,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker can uncover login names and passwords by sniffing traffic to the FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a 'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of the 'AUTH TLS' command. Details: FTP Unencrypted Cleartext Login (OID: 1.3.6.1.4.1.25623.1.0.108528) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.11.100,server1100.example.com,80,tcp,4.8,Medium,"Workaround","Cleartext Transmission of Sensitive Information via HTTP","The host / application transmits sensitive information (username, passwords) in cleartext via HTTP.","The following URLs requires Basic Authentication (URL:realm name): http://server1100.example.com/home:""DAV-home"" ",1.3.6.1.4.1.25623.1.0.108440,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords.","Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before allowing to input sensitive data into the mentioned functions.","Hosts / applications which doesn't enforce the transmission of sensitive data via an encrypted SSL/TLS connection.","","Evaluate previous collected information and check if the host / application is not enforcing the transmission of sensitive data via an encrypted SSL/TLS connection. The script is currently checking the following: - HTTP Basic Authentication (Basic Auth) - HTTP Forms (e.g. Login) with input field of type 'password' Details: Cleartext Transmission of Sensitive Information via HTTP (OID: 1.3.6.1.4.1.25623.1.0.108440) Version used: 2020-08-24T00:00:35Z ","","","","" 192.168.11.100,server1100.example.com,443,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.11.100,server1100.example.com,8081,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Weak and Supported Ciphers' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.11.100,server1100.example.com,,,3.7,Low,"VendorFix","QNAP QTS DNSpooq Vulnerabilities (QSA-21-09)","QNAP QTS is prone to multiple vulnerabilities in dnsmasq.","Installed version: 4.3.5_20181114 Fixed version: 4.5.3_20210428 ",1.3.6.1.4.1.25623.1.0.117526,"CVE-2020-25684,CVE-2020-25685,CVE-2020-25686",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.5.3.1652 build 20210428 or later.","QNAP NAS QTS prior version 4.5.3.1652 build 20210428.","DNSpooq vulnerabilities - including DNS cache poisoning and buffer overflow vulnerabilities - have been reported to affect certain versions of QTS. If exploited, these vulnerabilities allow attackers to perform remote code execution.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS DNSpooq Vulnerabilities (QSA-21-09) (OID: 1.3.6.1.4.1.25623.1.0.117526) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x31x:4.3.5_20181114 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","DFN-CERT-2021-0249,DFN-CERT-2021-0248,DFN-CERT-2021-0123,DFN-CERT-2021-0122,DFN-CERT-2021-0121,CB-K21/0054","" 192.168.11.102,server1102.example.com,,,3.7,Low,"VendorFix","QNAP QTS DNSpooq Vulnerabilities (QSA-21-09)","QNAP QTS is prone to multiple vulnerabilities in dnsmasq.","Installed version: 4.3.6_20190328 Fixed version: 4.5.3_20210428 ",1.3.6.1.4.1.25623.1.0.117526,"CVE-2020-25684,CVE-2020-25685,CVE-2020-25686",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 4.5.3.1652 build 20210428 or later.","QNAP NAS QTS prior version 4.5.3.1652 build 20210428.","DNSpooq vulnerabilities - including DNS cache poisoning and buffer overflow vulnerabilities - have been reported to affect certain versions of QTS. If exploited, these vulnerabilities allow attackers to perform remote code execution.","Checks if a vulnerable version is present on the target host. Details: QNAP QTS DNSpooq Vulnerabilities (QSA-21-09) (OID: 1.3.6.1.4.1.25623.1.0.117526) Version used: 2022-05-25T00:00:55Z ","Product: cpe:/h:qnap:ts-x32:4.3.6_20190328 Method: QNAP NAS / QTS / QES / QuTS Hero / QuTSCloud Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.103875) ","","DFN-CERT-2021-0249,DFN-CERT-2021-0248,DFN-CERT-2021-0123,DFN-CERT-2021-0122,DFN-CERT-2021-0121,CB-K21/0054","" 192.168.11.100,server1100.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 896261991 Packet 2: 896262105 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.20.101,server2001.example.com,80,tcp,9.8,High,"VendorFix","Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.41 Buffer Overflow Vulnerability - Windows","Apache Tomcat JK Connector (mod_jk) is prone to a buffer overflow vulnerability.","Installed version: 1.2.40 Fixed version: 1.2.42 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812786,"CVE-2016-6808",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successfully exploiting this issue will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.","Update to version 1.2.42 or later.","Apache Tomcat JK Connector (mod_jk) version 1.2.0 through 1.2.41.","The flaw exists as IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not take account of the length of the virtual host name.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.41 Buffer Overflow Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.812786) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:mod_jk:1.2.40 Method: Apache Tomcat JK Connector (mod_jk) Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.800279) ","","","" 192.168.20.101,server2001.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities June17 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.26 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.811213,"CVE-2017-7679,CVE-2017-3169,CVE-2017-3167",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to bypass authentication and perform unauthorized actions, cause a denial-of-service condition and gain access to potentially sensitive information.","Update to Apache HTTP Server 2.2.33 or 2.4.26 or later.","Apache HTTP Server 2.2.x before 2.2.33 and 2.4.x before 2.4.26.","Multiple flaws exist as, - The mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. - The mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. - An use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities June17 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.811213) Version used: 2022-04-13T00:00:07Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-0358,DFN-CERT-2018-0077,WID-SEC-2022-0673,CB-K22/0045","" 192.168.20.101,server2001.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.30 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812846,"CVE-2018-1312,CVE-2018-1283,CVE-2017-15715,CVE-2017-15710,CVE-2018-1301",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to replay HTTP requests across servers without detection, influence the user content, upload a malicious file, crash the Apache HTTP Server and perform denial of service attack.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions from 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 to 2.4.18, 2.4.20, 2.4.23, 2.4.25 to 2.4.29.","Multiple flaws exist due to: - Apache HTTP Server fails to correctly generate the nonce sent to prevent reply attacks. - Misconfigured mod_session variable, HTTP_SESSION. - Apache HTTP Server fails to sanitize the expression specified in ''. - An error in Apache HTTP Server 'mod_authnz_ldap' when configured with AuthLDAPCharsetConfig. - Apache HTTP Server fails to sanitize against a specially crafted request.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812846) Version used: 2022-09-09T00:00:35Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2020-0673,DFN-CERT-2019-1550,DFN-CERT-2019-0736,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0795,DFN-CERT-2018-0703,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.20.101,server2001.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.53 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.113838,"CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.53 or later.","Apache HTTP Server version 2.4.52 and prior.","The following vulnerabilities exist: - CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody - CVE-2022-22720: HTTP request smuggling vulnerability - CVE-2022-22721: Possible buffer overflow with very large or unlimited LimitXMLRequestBody - CVE-2022-23943: mod_sed: Read/write beyond bounds","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.113838) Version used: 2022-03-21T00:00:41Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2509,DFN-CERT-2022-2305,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0899,DFN-CERT-2022-0898,DFN-CERT-2022-0865,DFN-CERT-2022-0747,DFN-CERT-2022-0678,DFN-CERT-2022-0582,WID-SEC-2022-1772,WID-SEC-2022-1335,WID-SEC-2022-1228,WID-SEC-2022-1161,WID-SEC-2022-1057,WID-SEC-2022-0898,WID-SEC-2022-0799,WID-SEC-2022-0755,WID-SEC-2022-0646,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K22/0306","" 192.168.20.101,server2001.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows","Apache HTTP Server is prone to a buffer overflow vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117857,"CVE-2021-44790",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server versions through 2.4.51.","A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.117857) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0747,DFN-CERT-2022-0369,DFN-CERT-2022-0192,DFN-CERT-2022-0098,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1908,WID-SEC-2022-1767,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.812846,"CVE-2018-1312,CVE-2018-1283,CVE-2017-15715,CVE-2017-15710,CVE-2018-1301",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to replay HTTP requests across servers without detection, influence the user content, upload a malicious file, crash the Apache HTTP Server and perform denial of service attack.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions from 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 to 2.4.18, 2.4.20, 2.4.23, 2.4.25 to 2.4.29.","Multiple flaws exist due to: - Apache HTTP Server fails to correctly generate the nonce sent to prevent reply attacks. - Misconfigured mod_session variable, HTTP_SESSION. - Apache HTTP Server fails to sanitize the expression specified in ''. - An error in Apache HTTP Server 'mod_authnz_ldap' when configured with AuthLDAPCharsetConfig. - Apache HTTP Server fails to sanitize against a specially crafted request.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812846) Version used: 2022-09-09T00:00:35Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2020-0673,DFN-CERT-2019-1550,DFN-CERT-2019-0736,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0795,DFN-CERT-2018-0703,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.20.101,server2001.example.com,80,tcp,8.2,High,"VendorFix","Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117855,"CVE-2021-44224",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server version 2.4.7 through 2.4.51.","A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.117855) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-1047,DFN-CERT-2022-0872,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.20.100,server2000.example.com,80,tcp,8.2,High,"VendorFix","Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117855,"CVE-2021-44224",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server version 2.4.7 through 2.4.51.","A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.117855) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-1047,DFN-CERT-2022-0872,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.20.101,server2001.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows","Apache HTTP Server is prone to a NULL pointer dereference vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112904,"CVE-2021-31618",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the server.","Update to version 2.4.48 or later.","Apache HTTP Server before version 2.4.48 on Windows.","Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.112904) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1549,DFN-CERT-2021-1467,DFN-CERT-2021-1355,DFN-CERT-2021-1333,DFN-CERT-2021-1329,DFN-CERT-2021-1276,DFN-CERT-2021-1273,CB-K21/0611","" 192.168.20.101,server2001.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability (Windows)","In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","Installed version: 2.4.10 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142221,"CVE-2019-0217",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerabil... (OID: 1.3.6.1.4.1.25623.1.0.142221) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0736,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676","" 192.168.20.101,server2001.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows)","In Apache HTTP Server mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","Installed version: 2.4.10 Fixed version: 2.4.38 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.141963,"CVE-2018-17199",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.38 or later.","Apache HTTP Server version 2.4.37 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.141963) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1069,DFN-CERT-2020-0673,DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0857,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0198,DFN-CERT-2019-0184","" 192.168.20.101,server2001.example.com,80,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.42 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.143672,"CVE-2020-1927,CVE-2020-1934",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.42 or later.","Apache HTTP Server version 2.4.0 to 2.4.41.","Apache HTTP Server is prone to multiple vulnerabilities: - mod_rewrite CWE-601 open redirect (CVE-2020-1927) - mod_proxy_ftp use of uninitialized value (CVE-2020-1934)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143672) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2022-0074,DFN-CERT-2021-1467,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1854,DFN-CERT-2020-1793,DFN-CERT-2020-1538,DFN-CERT-2020-1335,DFN-CERT-2020-1289,DFN-CERT-2020-1124,DFN-CERT-2020-0850,DFN-CERT-2020-0835,DFN-CERT-2020-0688,WID-SEC-2023-0063,WID-SEC-2022-0757,CB-K20/1030,CB-K20/0708,CB-K20/0691,CB-K20/0280","" 192.168.20.101,server2001.example.com,80,tcp,5.8,Medium,"Mitigation","HTTP Debugging Methods (TRACE/TRACK) Enabled","The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.","The web server has the following HTTP methods enabled: TRACE ",1.3.6.1.4.1.25623.1.0.11213,"CVE-2003-1567,CVE-2004-2320,CVE-2004-2763,CVE-2005-3398,CVE-2006-4683,CVE-2007-3008,CVE-2008-7253,CVE-2009-2823,CVE-2010-0386,CVE-2012-2223,CVE-2014-7883",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this flaw to trick your legitimate web users to give him their credentials.","Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more information.","Web servers with enabled TRACE and/or TRACK methods.","It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.","Checks if HTTP methods such as TRACE and TRACK are enabled and can be used. Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213) Version used: 2022-05-12T00:00:01Z ","","","DFN-CERT-2021-1825","" 192.168.20.101,server2001.example.com,8230,tcp,5.8,Medium,"Mitigation","HTTP Debugging Methods (TRACE/TRACK) Enabled","The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.","The web server has the following HTTP methods enabled: TRACE ",1.3.6.1.4.1.25623.1.0.11213,"CVE-2003-1567,CVE-2004-2320,CVE-2004-2763,CVE-2005-3398,CVE-2006-4683,CVE-2007-3008,CVE-2008-7253,CVE-2009-2823,CVE-2010-0386,CVE-2012-2223,CVE-2014-7883",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this flaw to trick your legitimate web users to give him their credentials.","Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more information.","Web servers with enabled TRACE and/or TRACK methods.","It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.","Checks if HTTP methods such as TRACE and TRACK are enabled and can be used. Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213) Version used: 2022-05-12T00:00:01Z ","","","DFN-CERT-2021-1825","" 192.168.20.101,server2001.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows)","When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.","Installed version: 2.4.10 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142229,"CVE-2019-0220",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142229) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2020-0184,DFN-CERT-2019-2592,DFN-CERT-2019-1519,DFN-CERT-2019-0815,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676,WID-SEC-2022-0757,CB-K20/0708","" 192.168.21.100,server2100.example.com,22,tcp,5.3,Medium,"Mitigation","Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak key exchange (KEX) algorithm(s).","The remote SSH server supports the following weak KEX algorithm(s): KEX algorithm | Reason ------------------------------------------------------------------------------------------- diffie-hellman-group-exchange-sha1 | Using SHA-1 diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1 ",1.3.6.1.4.1.25623.1.0.150713,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker can quickly break individual connections.","Disable the reported weak KEX algorithm(s) - 1024-bit MODP group / prime KEX algorithms: Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.","","'- 1024-bit MODP group / prime KEX algorithms: Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve-the most efficient algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime. A nation-state can break a 1024-bit prime.","Checks the supported KEX algorithms of the remote SSH server. Currently weak KEX algorithms are defined as the following: - non-elliptic-curve Diffie-Hellmann (DH) KEX algorithms with 1024-bit MODP group / prime - ephemerally generated key exchange groups uses SHA-1 - using RSA 1024-bit modulus key Details: Weak Key Exchange (KEX) Algorithm(s) Supported (SSH) (OID: 1.3.6.1.4.1.25623.1.0.150713) Version used: 2022-12-08T00:00:32Z ","","","","" 192.168.10.102,server1002.example.com,22,tcp,5.3,Medium,"Mitigation","Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)","The remote SSH server is configured to allow / support weak key exchange (KEX) algorithm(s).","The remote SSH server supports the following weak KEX algorithm(s): KEX algorithm | Reason ------------------------------------------------------------------------------------------- diffie-hellman-group-exchange-sha1 | Using SHA-1 diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1 ",1.3.6.1.4.1.25623.1.0.150713,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker can quickly break individual connections.","Disable the reported weak KEX algorithm(s) - 1024-bit MODP group / prime KEX algorithms: Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.","","'- 1024-bit MODP group / prime KEX algorithms: Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve-the most efficient algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime. A nation-state can break a 1024-bit prime.","Checks the supported KEX algorithms of the remote SSH server. Currently weak KEX algorithms are defined as the following: - non-elliptic-curve Diffie-Hellmann (DH) KEX algorithms with 1024-bit MODP group / prime - ephemerally generated key exchange groups uses SHA-1 - using RSA 1024-bit modulus key Details: Weak Key Exchange (KEX) Algorithm(s) Supported (SSH) (OID: 1.3.6.1.4.1.25623.1.0.150713) Version used: 2022-12-08T00:00:32Z ","","","","" 192.168.20.101,server2001.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Windows","Apache HTTP Server is prone to a tunneling misconfiguration vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112899,"CVE-2019-17567",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.6 to 2.4.46 on Windows.","mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability -... (OID: 1.3.6.1.4.1.25623.1.0.112899) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-2394,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K21/0646","" 192.168.20.101,server2001.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability (Windows)","Apache HTTP Server is prone to an IP address spoofing vulnerability when proxying using mod_remoteip and mod_rewrite.","Installed version: 2.4.10 Fixed version: 2.4.24 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.144377,"CVE-2020-11985",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.24 or later.","Apache HTTP Server version 2.4.1 to 2.4.23.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144377) Version used: 2021-07-22T00:00:40Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-1905,DFN-CERT-2020-1854,CB-K20/0798","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.54 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.148253,"CVE-2022-26377,CVE-2022-28330,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30556,CVE-2022-31813",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.54 or later.","Apache HTTP Server version 2.4.53 and prior.","The following vulnerabilities exist: - CVE-2022-26377: mod_proxy_ajp: Possible request smuggling - CVE-2022-28330: Read beyond bounds in mod_isapi - CVE-2022-28614: Read beyond bounds via ap_rwrite() - CVE-2022-28615: Read beyond bounds in ap_strcmp_match() - CVE-2022-29404: Denial of service in mod_lua r:parsebody - CVE-2022-30556: Information disclosure in mod_lua with websockets - CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.148253) Version used: 2022-06-20T00:00:15Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2789,DFN-CERT-2022-2652,DFN-CERT-2022-2509,DFN-CERT-2022-2310,DFN-CERT-2022-2167,DFN-CERT-2022-1837,DFN-CERT-2022-1833,DFN-CERT-2022-1720,DFN-CERT-2022-1353,DFN-CERT-2022-1296,WID-SEC-2022-1767,WID-SEC-2022-1766,WID-SEC-2022-1764,WID-SEC-2022-0858,WID-SEC-2022-0799,WID-SEC-2022-0192,CB-K22/0692","" 192.168.21.101,server2101.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.54 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.148253,"CVE-2022-26377,CVE-2022-28330,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30556,CVE-2022-31813",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.54 or later.","Apache HTTP Server version 2.4.53 and prior.","The following vulnerabilities exist: - CVE-2022-26377: mod_proxy_ajp: Possible request smuggling - CVE-2022-28330: Read beyond bounds in mod_isapi - CVE-2022-28614: Read beyond bounds via ap_rwrite() - CVE-2022-28615: Read beyond bounds in ap_strcmp_match() - CVE-2022-29404: Denial of service in mod_lua r:parsebody - CVE-2022-30556: Information disclosure in mod_lua with websockets - CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.148253) Version used: 2022-06-20T00:00:15Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2789,DFN-CERT-2022-2652,DFN-CERT-2022-2509,DFN-CERT-2022-2310,DFN-CERT-2022-2167,DFN-CERT-2022-1837,DFN-CERT-2022-1833,DFN-CERT-2022-1720,DFN-CERT-2022-1353,DFN-CERT-2022-1296,WID-SEC-2022-1767,WID-SEC-2022-1766,WID-SEC-2022-1764,WID-SEC-2022-0858,WID-SEC-2022-0799,WID-SEC-2022-0192,CB-K22/0692","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.48 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.112896,"CVE-2020-13938,CVE-2020-35452,CVE-2021-26690,CVE-2021-26691",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"'- CVE-2020-13938: This flaw lets unprivileged local users stop httpd on Windows. - CVE-2020-35452: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. - CVE-2021-26690: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. - CVE-2021-26691: A specially crafted SessionHeader sent by an origin server could cause a heap overflow.","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.0 to 2.4.46 on Windows.","The following vulnerabilities exist: - CVE-2020-13938: Improper Handling of Insufficient Privileges - CVE-2020-35452: mod_auth_digest possible stack overflow by one null byte - CVE-2021-26690: mod_session NULL pointer dereference - CVE-2021-26691: mod_session response handling heap overflow","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.112896) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1047,DFN-CERT-2022-0672,DFN-CERT-2022-0207,DFN-CERT-2022-0122,DFN-CERT-2022-0098,DFN-CERT-2021-2394,DFN-CERT-2021-2365,DFN-CERT-2021-2300,DFN-CERT-2021-2187,DFN-CERT-2021-2153,DFN-CERT-2021-1467,DFN-CERT-2021-1412,DFN-CERT-2021-1355,DFN-CERT-2021-1340,DFN-CERT-2021-1333,DFN-CERT-2021-1321,DFN-CERT-2021-1317,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K22/0072,CB-K21/1092,CB-K21/1090,CB-K21/0646","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.812846,"CVE-2018-1312,CVE-2018-1283,CVE-2017-15715,CVE-2017-15710,CVE-2018-1301",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to replay HTTP requests across servers without detection, influence the user content, upload a malicious file, crash the Apache HTTP Server and perform denial of service attack.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions from 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 to 2.4.18, 2.4.20, 2.4.23, 2.4.25 to 2.4.29.","Multiple flaws exist due to: - Apache HTTP Server fails to correctly generate the nonce sent to prevent reply attacks. - Misconfigured mod_session variable, HTTP_SESSION. - Apache HTTP Server fails to sanitize the expression specified in ''. - An error in Apache HTTP Server 'mod_authnz_ldap' when configured with AuthLDAPCharsetConfig. - Apache HTTP Server fails to sanitize against a specially crafted request.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812846) Version used: 2022-09-09T00:00:35Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2020-0673,DFN-CERT-2019-1550,DFN-CERT-2019-0736,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0795,DFN-CERT-2018-0703,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.49 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.146726,"CVE-2021-34798,CVE-2021-39275,CVE-2021-40438",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.49 or later.","Apache HTTP Server version 2.4.48 and prior.","The following vulnerabilities exist: - CVE-2021-34798: NULL pointer dereference in httpd core - CVE-2021-39275: ap_escape_quotes buffer overflow - CVE-2021-40438: mod_proxy SSRF","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.146726) Version used: 2022-08-09T00:00:17Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-0904,DFN-CERT-2022-0878,DFN-CERT-2022-0872,DFN-CERT-2022-0869,DFN-CERT-2022-0672,DFN-CERT-2022-0207,DFN-CERT-2022-0119,DFN-CERT-2022-0098,DFN-CERT-2021-2629,DFN-CERT-2021-2471,DFN-CERT-2021-2185,DFN-CERT-2021-2164,DFN-CERT-2021-2153,DFN-CERT-2021-2098,DFN-CERT-2021-2090,DFN-CERT-2021-2047,DFN-CERT-2021-2020,DFN-CERT-2021-1961,WID-SEC-2022-1298,WID-SEC-2022-1189,WID-SEC-2022-0724,CB-K22/0476,CB-K22/0465,CB-K22/0463,CB-K21/0992","" 192.168.21.101,server2101.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.49 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.146726,"CVE-2021-34798,CVE-2021-39275,CVE-2021-40438",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.49 or later.","Apache HTTP Server version 2.4.48 and prior.","The following vulnerabilities exist: - CVE-2021-34798: NULL pointer dereference in httpd core - CVE-2021-39275: ap_escape_quotes buffer overflow - CVE-2021-40438: mod_proxy SSRF","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.146726) Version used: 2022-08-09T00:00:17Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-0904,DFN-CERT-2022-0878,DFN-CERT-2022-0872,DFN-CERT-2022-0869,DFN-CERT-2022-0672,DFN-CERT-2022-0207,DFN-CERT-2022-0119,DFN-CERT-2022-0098,DFN-CERT-2021-2629,DFN-CERT-2021-2471,DFN-CERT-2021-2185,DFN-CERT-2021-2164,DFN-CERT-2021-2153,DFN-CERT-2021-2098,DFN-CERT-2021-2090,DFN-CERT-2021-2047,DFN-CERT-2021-2020,DFN-CERT-2021-1961,WID-SEC-2022-1298,WID-SEC-2022-1189,WID-SEC-2022-0724,CB-K22/0476,CB-K22/0465,CB-K22/0463,CB-K21/0992","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.53 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.113838,"CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.53 or later.","Apache HTTP Server version 2.4.52 and prior.","The following vulnerabilities exist: - CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody - CVE-2022-22720: HTTP request smuggling vulnerability - CVE-2022-22721: Possible buffer overflow with very large or unlimited LimitXMLRequestBody - CVE-2022-23943: mod_sed: Read/write beyond bounds","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.113838) Version used: 2022-03-21T00:00:41Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2509,DFN-CERT-2022-2305,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0899,DFN-CERT-2022-0898,DFN-CERT-2022-0865,DFN-CERT-2022-0747,DFN-CERT-2022-0678,DFN-CERT-2022-0582,WID-SEC-2022-1772,WID-SEC-2022-1335,WID-SEC-2022-1228,WID-SEC-2022-1161,WID-SEC-2022-1057,WID-SEC-2022-0898,WID-SEC-2022-0799,WID-SEC-2022-0755,WID-SEC-2022-0646,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K22/0306","" 192.168.21.101,server2101.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.53 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.113838,"CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.53 or later.","Apache HTTP Server version 2.4.52 and prior.","The following vulnerabilities exist: - CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody - CVE-2022-22720: HTTP request smuggling vulnerability - CVE-2022-22721: Possible buffer overflow with very large or unlimited LimitXMLRequestBody - CVE-2022-23943: mod_sed: Read/write beyond bounds","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.113838) Version used: 2022-03-21T00:00:41Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2509,DFN-CERT-2022-2305,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0899,DFN-CERT-2022-0898,DFN-CERT-2022-0865,DFN-CERT-2022-0747,DFN-CERT-2022-0678,DFN-CERT-2022-0582,WID-SEC-2022-1772,WID-SEC-2022-1335,WID-SEC-2022-1228,WID-SEC-2022-1161,WID-SEC-2022-1057,WID-SEC-2022-0898,WID-SEC-2022-0799,WID-SEC-2022-0755,WID-SEC-2022-0646,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K22/0306","" 192.168.21.101,server2101.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows","Apache HTTP Server is prone to a buffer overflow vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117857,"CVE-2021-44790",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server versions through 2.4.51.","A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.117857) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0747,DFN-CERT-2022-0369,DFN-CERT-2022-0192,DFN-CERT-2022-0098,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1908,WID-SEC-2022-1767,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.21.101,server2101.example.com,443,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows","Apache HTTP Server is prone to a buffer overflow vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.52 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.117857,"CVE-2021-44790",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server versions through 2.4.51.","A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.117857) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0747,DFN-CERT-2022-0369,DFN-CERT-2022-0192,DFN-CERT-2022-0098,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1908,WID-SEC-2022-1767,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.21.101,server2101.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112896,"CVE-2020-13938,CVE-2020-35452,CVE-2021-26690,CVE-2021-26691",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"'- CVE-2020-13938: This flaw lets unprivileged local users stop httpd on Windows. - CVE-2020-35452: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. - CVE-2021-26690: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. - CVE-2021-26691: A specially crafted SessionHeader sent by an origin server could cause a heap overflow.","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.0 to 2.4.46 on Windows.","The following vulnerabilities exist: - CVE-2020-13938: Improper Handling of Insufficient Privileges - CVE-2020-35452: mod_auth_digest possible stack overflow by one null byte - CVE-2021-26690: mod_session NULL pointer dereference - CVE-2021-26691: mod_session response handling heap overflow","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.112896) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1047,DFN-CERT-2022-0672,DFN-CERT-2022-0207,DFN-CERT-2022-0122,DFN-CERT-2022-0098,DFN-CERT-2021-2394,DFN-CERT-2021-2365,DFN-CERT-2021-2300,DFN-CERT-2021-2187,DFN-CERT-2021-2153,DFN-CERT-2021-1467,DFN-CERT-2021-1412,DFN-CERT-2021-1355,DFN-CERT-2021-1340,DFN-CERT-2021-1333,DFN-CERT-2021-1321,DFN-CERT-2021-1317,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K22/0072,CB-K21/1092,CB-K21/1090,CB-K21/0646","" 192.168.21.101,server2101.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812846,"CVE-2018-1312,CVE-2018-1283,CVE-2017-15715,CVE-2017-15710,CVE-2018-1301",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to replay HTTP requests across servers without detection, influence the user content, upload a malicious file, crash the Apache HTTP Server and perform denial of service attack.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions from 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 to 2.4.18, 2.4.20, 2.4.23, 2.4.25 to 2.4.29.","Multiple flaws exist due to: - Apache HTTP Server fails to correctly generate the nonce sent to prevent reply attacks. - Misconfigured mod_session variable, HTTP_SESSION. - Apache HTTP Server fails to sanitize the expression specified in ''. - An error in Apache HTTP Server 'mod_authnz_ldap' when configured with AuthLDAPCharsetConfig. - Apache HTTP Server fails to sanitize against a specially crafted request.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812846) Version used: 2022-09-09T00:00:35Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2020-0673,DFN-CERT-2019-1550,DFN-CERT-2019-0736,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0795,DFN-CERT-2018-0703,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.21.101,server2101.example.com,80,tcp,9.1,High,"VendorFix","Apache HTTP Server Memory Access Vulnerability (Windows)","Apache HTTP Server is prone to a memory access vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.41 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.114150,"CVE-2019-10082",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.18 to 2.4.39.","Using fuzzed network input, the http/2 session handling could be made to read memory after being freed during connection shutdown.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Memory Access Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114150) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2020-2422,DFN-CERT-2020-0716,DFN-CERT-2019-1810,DFN-CERT-2019-1751,WID-SEC-2022-0757,CB-K20/0708,CB-K19/0728","" 192.168.21.101,server2101.example.com,443,tcp,9.1,High,"VendorFix","Apache HTTP Server Memory Access Vulnerability (Windows)","Apache HTTP Server is prone to a memory access vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.41 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.114150,"CVE-2019-10082",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.18 to 2.4.39.","Using fuzzed network input, the http/2 session handling could be made to read memory after being freed during connection shutdown.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Memory Access Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114150) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2020-2422,DFN-CERT-2020-0716,DFN-CERT-2019-1810,DFN-CERT-2019-1751,WID-SEC-2022-0757,CB-K20/0708,CB-K19/0728","" 192.168.21.101,server2101.example.com,443,tcp,8.2,High,"VendorFix","Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.52 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.117855,"CVE-2021-44224",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server version 2.4.7 through 2.4.51.","A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.117855) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-1047,DFN-CERT-2022-0872,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.21.101,server2101.example.com,80,tcp,8.2,High,"VendorFix","Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117855,"CVE-2021-44224",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server version 2.4.7 through 2.4.51.","A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.117855) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-1047,DFN-CERT-2022-0872,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows","Apache HTTP Server is prone to a NULL pointer dereference vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112904,"CVE-2021-31618",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the server.","Update to version 2.4.48 or later.","Apache HTTP Server before version 2.4.48 on Windows.","Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.112904) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1549,DFN-CERT-2021-1467,DFN-CERT-2021-1355,DFN-CERT-2021-1333,DFN-CERT-2021-1329,DFN-CERT-2021-1276,DFN-CERT-2021-1273,CB-K21/0611","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability (Windows)","In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","Installed version: 2.4.29 Fixed version: 2.4.39 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.142221,"CVE-2019-0217",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerabil... (OID: 1.3.6.1.4.1.25623.1.0.142221) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0736,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability (Windows)","In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","Installed version: 2.4.29 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142221,"CVE-2019-0217",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerabil... (OID: 1.3.6.1.4.1.25623.1.0.142221) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0736,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.41 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.114148,"CVE-2019-9517,CVE-2019-10081",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.20 to 2.4.39.","Apache HTTP server is prone to multiple vulnerabilities: - A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. (CVE-2019-9517) - HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114148) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-0776,DFN-CERT-2020-2422,DFN-CERT-2020-0779,DFN-CERT-2020-0716,DFN-CERT-2020-0640,DFN-CERT-2020-0630,DFN-CERT-2020-0595,DFN-CERT-2020-0054,DFN-CERT-2019-2456,DFN-CERT-2019-1992,DFN-CERT-2019-1810,DFN-CERT-2019-1751,DFN-CERT-2019-1727,DFN-CERT-2019-1690,CB-K20/0708,CB-K19/0728","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server Denial of Service Vulnerability-02 Apr18 (Windows)","Apache HTTP Server is prone to a denial of service vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812847,"CVE-2018-1303",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the Apache HTTP Server resulting in denial of service condition.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 through 2.4.18, 2.4.20, 2.4.23, and 2.4.25 through 2.4.29.","The flaw exists as the Apache HTTP Server fails to sanitize against a specially crafted HTTP request header.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Denial of Service Vulnerability-02 Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812847) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server Denial of Service Vulnerability-02 Apr18 (Windows)","Apache HTTP Server is prone to a denial of service vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.812847,"CVE-2018-1303",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the Apache HTTP Server resulting in denial of service condition.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 through 2.4.18, 2.4.20, 2.4.23, and 2.4.25 through 2.4.29.","The flaw exists as the Apache HTTP Server fails to sanitize against a specially crafted HTTP request header.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Denial of Service Vulnerability-02 Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812847) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows)","In Apache HTTP Server mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","Installed version: 2.4.29 Fixed version: 2.4.38 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.141963,"CVE-2018-17199",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.38 or later.","Apache HTTP Server version 2.4.37 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.141963) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1069,DFN-CERT-2020-0673,DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0857,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0198,DFN-CERT-2019-0184","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows)","In Apache HTTP Server mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","Installed version: 2.4.29 Fixed version: 2.4.38 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.141963,"CVE-2018-17199",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.38 or later.","Apache HTTP Server version 2.4.37 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.141963) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1069,DFN-CERT-2020-0673,DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0857,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0198,DFN-CERT-2019-0184","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.44 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.144373,"CVE-2020-9490,CVE-2020-11993",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.44 or later.","Apache HTTP Server version 2.4.2 to 2.4.43.","The following vulnerabilities exist: - Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-9490) - Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-11993)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144373) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-0074,DFN-CERT-2021-1069,DFN-CERT-2020-2628,DFN-CERT-2020-2345,DFN-CERT-2020-2338,DFN-CERT-2020-1985,DFN-CERT-2020-1905,DFN-CERT-2020-1793,DFN-CERT-2020-1744,WID-SEC-2023-0063,CB-K21/0341,CB-K21/0068,CB-K20/0798","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.44 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.144373,"CVE-2020-9490,CVE-2020-11993",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.44 or later.","Apache HTTP Server version 2.4.2 to 2.4.43.","The following vulnerabilities exist: - Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-9490) - Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-11993)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144373) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-0074,DFN-CERT-2021-1069,DFN-CERT-2020-2628,DFN-CERT-2020-2345,DFN-CERT-2020-2338,DFN-CERT-2020-1985,DFN-CERT-2020-1905,DFN-CERT-2020-1793,DFN-CERT-2020-1744,WID-SEC-2023-0063,CB-K21/0341,CB-K21/0068,CB-K20/0798","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.41 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.114148,"CVE-2019-9517,CVE-2019-10081",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.20 to 2.4.39.","Apache HTTP server is prone to multiple vulnerabilities: - A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. (CVE-2019-9517) - HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114148) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-0776,DFN-CERT-2020-2422,DFN-CERT-2020-0779,DFN-CERT-2020-0716,DFN-CERT-2020-0640,DFN-CERT-2020-0630,DFN-CERT-2020-0595,DFN-CERT-2020-0054,DFN-CERT-2019-2456,DFN-CERT-2019-1992,DFN-CERT-2019-1810,DFN-CERT-2019-1751,DFN-CERT-2019-1727,DFN-CERT-2019-1690,CB-K20/0708,CB-K19/0728","" 192.168.21.101,server2101.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server 2.4.17 < 2.4.49 mod_proxy HTTP/2 Request Smuggling Vulnerability - Windows","Apache HTTP Server is prone to an HTTP/2 request smuggling vulnerability in the 'mod_proxy' module.","Installed version: 2.4.29 Fixed version: 2.4.49 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117616,"CVE-2021-33193",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.49 or later.","Apache HTTP Server version 2.4.17 through 2.4.48 running the mod_proxy module together with an enabled HTTP/2 protocol.","Apache's mod_proxy allows spaces in the :method of HTTP/2 requests, enabling request line injection. If the back-end server tolerates trailing junk in the request line, this lets an attacker to bypass block rules.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vuln... (OID: 1.3.6.1.4.1.25623.1.0.117616) Version used: 2021-09-17T00:00:51Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1047,DFN-CERT-2021-2471,DFN-CERT-2021-1961,DFN-CERT-2021-1854,WID-SEC-2022-0722,CB-K21/0878","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server 2.4.17 < 2.4.49 mod_proxy HTTP/2 Request Smuggling Vulnerability - Windows","Apache HTTP Server is prone to an HTTP/2 request smuggling vulnerability in the 'mod_proxy' module.","Installed version: 2.4.29 Fixed version: 2.4.49 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.117616,"CVE-2021-33193",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.49 or later.","Apache HTTP Server version 2.4.17 through 2.4.48 running the mod_proxy module together with an enabled HTTP/2 protocol.","Apache's mod_proxy allows spaces in the :method of HTTP/2 requests, enabling request line injection. If the back-end server tolerates trailing junk in the request line, this lets an attacker to bypass block rules.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vuln... (OID: 1.3.6.1.4.1.25623.1.0.117616) Version used: 2021-09-17T00:00:51Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1047,DFN-CERT-2021-2471,DFN-CERT-2021-1961,DFN-CERT-2021-1854,WID-SEC-2022-0722,CB-K21/0878","" 192.168.21.101,server2101.example.com,443,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows","Apache HTTP Server is prone to a NULL pointer dereference vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.48 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.112904,"CVE-2021-31618",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the server.","Update to version 2.4.48 or later.","Apache HTTP Server before version 2.4.48 on Windows.","Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.112904) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1549,DFN-CERT-2021-1467,DFN-CERT-2021-1355,DFN-CERT-2021-1333,DFN-CERT-2021-1329,DFN-CERT-2021-1276,DFN-CERT-2021-1273,CB-K21/0611","" 192.168.21.101,server2101.example.com,80,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.41 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.114144,"CVE-2019-10092,CVE-2019-10098",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.0 to 2.4.40.","Apache HTTP server is prone to multiple vulnerabilities: - A limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092) - Redirects configured with mod_rewrite that were intended to be self referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114144) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1333,DFN-CERT-2021-0540,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1124,DFN-CERT-2020-0716,DFN-CERT-2020-0090,DFN-CERT-2019-2592,DFN-CERT-2019-2169,DFN-CERT-2019-1961,DFN-CERT-2019-1810,DFN-CERT-2019-1797,DFN-CERT-2019-1751,CB-K20/1030,CB-K20/0708,CB-K20/0043,CB-K19/0728","" 192.168.21.101,server2101.example.com,80,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.42 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.143672,"CVE-2020-1927,CVE-2020-1934",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.42 or later.","Apache HTTP Server version 2.4.0 to 2.4.41.","Apache HTTP Server is prone to multiple vulnerabilities: - mod_rewrite CWE-601 open redirect (CVE-2020-1927) - mod_proxy_ftp use of uninitialized value (CVE-2020-1934)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143672) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2022-0074,DFN-CERT-2021-1467,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1854,DFN-CERT-2020-1793,DFN-CERT-2020-1538,DFN-CERT-2020-1335,DFN-CERT-2020-1289,DFN-CERT-2020-1124,DFN-CERT-2020-0850,DFN-CERT-2020-0835,DFN-CERT-2020-0688,WID-SEC-2023-0063,WID-SEC-2022-0757,CB-K20/1030,CB-K20/0708,CB-K20/0691,CB-K20/0280","" 192.168.21.101,server2101.example.com,443,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.42 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.143672,"CVE-2020-1927,CVE-2020-1934",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.42 or later.","Apache HTTP Server version 2.4.0 to 2.4.41.","Apache HTTP Server is prone to multiple vulnerabilities: - mod_rewrite CWE-601 open redirect (CVE-2020-1927) - mod_proxy_ftp use of uninitialized value (CVE-2020-1934)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143672) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2022-0074,DFN-CERT-2021-1467,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1854,DFN-CERT-2020-1793,DFN-CERT-2020-1538,DFN-CERT-2020-1335,DFN-CERT-2020-1289,DFN-CERT-2020-1124,DFN-CERT-2020-0850,DFN-CERT-2020-0835,DFN-CERT-2020-0688,WID-SEC-2023-0063,WID-SEC-2022-0757,CB-K20/1030,CB-K20/0708,CB-K20/0691,CB-K20/0280","" 192.168.21.101,server2101.example.com,443,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.29 Fixed version: 2.4.41 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.114144,"CVE-2019-10092,CVE-2019-10098",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.0 to 2.4.40.","Apache HTTP server is prone to multiple vulnerabilities: - A limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092) - Redirects configured with mod_rewrite that were intended to be self referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114144) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1333,DFN-CERT-2021-0540,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1124,DFN-CERT-2020-0716,DFN-CERT-2020-0090,DFN-CERT-2019-2592,DFN-CERT-2019-2169,DFN-CERT-2019-1961,DFN-CERT-2019-1810,DFN-CERT-2019-1797,DFN-CERT-2019-1751,CB-K20/1030,CB-K20/0708,CB-K20/0043,CB-K19/0728","" 192.168.21.101,server2101.example.com,443,tcp,5.9,Medium,"VendorFix","Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows)","Apache HTTP Server is prone to a denial of service vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.812850,"CVE-2018-1302",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to destroy an HTTP/2 stream, resulting in a denial of service condition.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.17, 2.4.18, 2.4.20, 2.4.23 and from 2.4.25 to 2.4.29.","The flaw exists as the Apache HTTP Server writes a NULL pointer potentially to an already freed memory.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812850) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2011,DFN-CERT-2018-1386,DFN-CERT-2018-0985,DFN-CERT-2018-0570","" 192.168.21.101,server2101.example.com,443,tcp,5.9,Medium,"VendorFix","Apache HTTP Server HTTP/2 SETTINGS Data Processing DoS Vulnerability (Windows)","Apache HTTP Server is prone to a denial-of-service vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.35 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.814057,"CVE-2018-11763",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to cause a denial of service (DoS) condition on a targeted system.","Update to Apache HTTP Server 2.4.35 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18.","The flaw is due to an improper processing of specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection to cause the target service to fail to timeout.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server HTTP/2 'SETTINGS' Data Processing DoS Vulnerability (Wind... (OID: 1.3.6.1.4.1.25623.1.0.814057) Version used: 2021-06-14T00:00:34Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-1562,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2019-0112,DFN-CERT-2019-0104,DFN-CERT-2018-2316,DFN-CERT-2018-2044,DFN-CERT-2018-2011","" 192.168.21.101,server2101.example.com,80,tcp,5.9,Medium,"VendorFix","Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows)","Apache HTTP Server is prone to a denial of service vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.30 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812850,"CVE-2018-1302",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to destroy an HTTP/2 stream, resulting in a denial of service condition.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.17, 2.4.18, 2.4.20, 2.4.23 and from 2.4.25 to 2.4.29.","The flaw exists as the Apache HTTP Server writes a NULL pointer potentially to an already freed memory.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812850) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2011,DFN-CERT-2018-1386,DFN-CERT-2018-0985,DFN-CERT-2018-0570","" 192.168.21.101,server2101.example.com,80,tcp,5.9,Medium,"VendorFix","Apache HTTP Server HTTP/2 SETTINGS Data Processing DoS Vulnerability (Windows)","Apache HTTP Server is prone to a denial-of-service vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.35 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.814057,"CVE-2018-11763",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to cause a denial of service (DoS) condition on a targeted system.","Update to Apache HTTP Server 2.4.35 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18.","The flaw is due to an improper processing of specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection to cause the target service to fail to timeout.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server HTTP/2 'SETTINGS' Data Processing DoS Vulnerability (Wind... (OID: 1.3.6.1.4.1.25623.1.0.814057) Version used: 2021-06-14T00:00:34Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-1562,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2019-0112,DFN-CERT-2019-0104,DFN-CERT-2018-2316,DFN-CERT-2018-2044,DFN-CERT-2018-2011","" 192.168.21.101,server2101.example.com,443,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows)","When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.","Installed version: 2.4.29 Fixed version: 2.4.39 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.142229,"CVE-2019-0220",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142229) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2020-0184,DFN-CERT-2019-2592,DFN-CERT-2019-1519,DFN-CERT-2019-0815,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676,WID-SEC-2022-0757,CB-K20/0708","" 192.168.21.101,server2101.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows)","When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.","Installed version: 2.4.29 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142229,"CVE-2019-0220",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142229) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2020-0184,DFN-CERT-2019-2592,DFN-CERT-2019-1519,DFN-CERT-2019-0815,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676,WID-SEC-2022-0757,CB-K20/0708","" 192.168.21.101,server2101.example.com,22,tcp,5.3,Medium,"WillNotFix","OpenSSH auth2-gss.c User Enumeration Vulnerability - Windows","OpenSSH is prone to a user enumeration vulnerability.","Installed version: 7.6p1 Fixed version: None Installation path / port: 22/tcp ",1.3.6.1.4.1.25623.1.0.813887,"CVE-2018-15919",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successfully exploitation will allow a remote attacker to harvest valid user accounts, which may aid in brute-force attacks.","No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.","OpenSSH version 5.9 through 7.8.","The flaw exists in the 'auth-gss2.c' source code file of the affected software and is due to insufficient validation of an authentication request packet when the Guide Star Server II (GSS2) component is used on an affected system.","Checks if a vulnerable version is present on the target host. Details: OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.813887) Version used: 2021-05-28T00:00:21Z ","Product: cpe:/a:openbsd:openssh:7.6p1 Method: OpenSSH Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.108577) ","","DFN-CERT-2018-2293,DFN-CERT-2018-2191","" 192.168.21.101,server2101.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability (Windows)","Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.","Installed version: 2.4.29 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142227,"CVE-2019-0196",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142227) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2422,DFN-CERT-2020-1335,DFN-CERT-2019-2456,DFN-CERT-2019-1054,DFN-CERT-2019-0687,DFN-CERT-2019-0676","" 192.168.21.101,server2101.example.com,22,tcp,5.3,Medium,"VendorFix","OpenSSH < 7.8 User Enumeration Vulnerability - Windows","OpenSSH is prone to a user enumeration vulnerability.","Installed version: 7.6p1 Fixed version: 7.8 Installation path / port: 22/tcp ",1.3.6.1.4.1.25623.1.0.813863,"CVE-2018-15473",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successfully exploitation will allow remote attacker to test whether a certain user exists or not (username enumeration) on a target OpenSSH server.","Update to version 7.8 or later.","OpenSSH versions 7.7 and prior.","The flaw is due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c","Checks if a vulnerable version is present on the target host. Details: OpenSSH < 7.8 User Enumeration Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.813863) Version used: 2021-10-11T00:00:29Z ","Product: cpe:/a:openbsd:openssh:7.6p1 Method: OpenSSH Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.108577) ","","DFN-CERT-2021-2178,DFN-CERT-2020-2189,DFN-CERT-2020-0228,DFN-CERT-2019-2046,DFN-CERT-2019-0857,DFN-CERT-2019-0362,DFN-CERT-2018-2293,DFN-CERT-2018-2259,DFN-CERT-2018-2191,DFN-CERT-2018-1806,DFN-CERT-2018-1696,CB-K20/0041","" 192.168.21.101,server2101.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Windows","Apache HTTP Server is prone to a tunneling misconfiguration vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112899,"CVE-2019-17567",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.6 to 2.4.46 on Windows.","mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability -... (OID: 1.3.6.1.4.1.25623.1.0.112899) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-2394,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K21/0646","" 192.168.21.101,server2101.example.com,443,tcp,5.3,Medium,"VendorFix","Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Windows","Apache HTTP Server is prone to a tunneling misconfiguration vulnerability.","Installed version: 2.4.29 Fixed version: 2.4.48 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.112899,"CVE-2019-17567",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.6 to 2.4.46 on Windows.","mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability -... (OID: 1.3.6.1.4.1.25623.1.0.112899) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-2394,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K21/0646","" 192.168.21.101,server2101.example.com,443,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability (Windows)","By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.","Installed version: 2.4.29 Fixed version: 2.4.38 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.141965,"CVE-2018-17189",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.38 or later.","Apache HTTP Server version 2.4.37 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.141965) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2422,DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0781,DFN-CERT-2019-0687,DFN-CERT-2019-0529,DFN-CERT-2019-0184,CB-K20/0041","" 192.168.21.101,server2101.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability (Windows)","By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.","Installed version: 2.4.29 Fixed version: 2.4.38 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.141965,"CVE-2018-17189",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.38 or later.","Apache HTTP Server version 2.4.37 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.38 HTTP/2 DoS Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.141965) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2422,DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0781,DFN-CERT-2019-0687,DFN-CERT-2019-0529,DFN-CERT-2019-0184,CB-K20/0041","" 192.168.21.101,server2101.example.com,443,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability (Windows)","Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.","Installed version: 2.4.29 Fixed version: 2.4.39 Installation path / port: 443/tcp ",1.3.6.1.4.1.25623.1.0.142227,"CVE-2019-0196",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142227) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.29 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2422,DFN-CERT-2020-1335,DFN-CERT-2019-2456,DFN-CERT-2019-1054,DFN-CERT-2019-0687,DFN-CERT-2019-0676","" 192.168.21.101,server2101.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 1998300117 Packet 2: 1998301191 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.53 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.113838,"CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.53 or later.","Apache HTTP Server version 2.4.52 and prior.","The following vulnerabilities exist: - CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody - CVE-2022-22720: HTTP request smuggling vulnerability - CVE-2022-22721: Possible buffer overflow with very large or unlimited LimitXMLRequestBody - CVE-2022-23943: mod_sed: Read/write beyond bounds","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.113838) Version used: 2022-03-21T00:00:41Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2509,DFN-CERT-2022-2305,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0899,DFN-CERT-2022-0898,DFN-CERT-2022-0865,DFN-CERT-2022-0747,DFN-CERT-2022-0678,DFN-CERT-2022-0582,WID-SEC-2022-1772,WID-SEC-2022-1335,WID-SEC-2022-1228,WID-SEC-2022-1161,WID-SEC-2022-1057,WID-SEC-2022-0898,WID-SEC-2022-0799,WID-SEC-2022-0755,WID-SEC-2022-0646,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K22/0306","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.30 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812846,"CVE-2018-1312,CVE-2018-1283,CVE-2017-15715,CVE-2017-15710,CVE-2018-1301",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to replay HTTP requests across servers without detection, influence the user content, upload a malicious file, crash the Apache HTTP Server and perform denial of service attack.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions from 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 to 2.4.18, 2.4.20, 2.4.23, 2.4.25 to 2.4.29.","Multiple flaws exist due to: - Apache HTTP Server fails to correctly generate the nonce sent to prevent reply attacks. - Misconfigured mod_session variable, HTTP_SESSION. - Apache HTTP Server fails to sanitize the expression specified in ''. - An error in Apache HTTP Server 'mod_authnz_ldap' when configured with AuthLDAPCharsetConfig. - Apache HTTP Server fails to sanitize against a specially crafted request.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812846) Version used: 2022-09-09T00:00:35Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2020-0673,DFN-CERT-2019-1550,DFN-CERT-2019-0736,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0795,DFN-CERT-2018-0703,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112896,"CVE-2020-13938,CVE-2020-35452,CVE-2021-26690,CVE-2021-26691",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"'- CVE-2020-13938: This flaw lets unprivileged local users stop httpd on Windows. - CVE-2020-35452: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. - CVE-2021-26690: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. - CVE-2021-26691: A specially crafted SessionHeader sent by an origin server could cause a heap overflow.","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.0 to 2.4.46 on Windows.","The following vulnerabilities exist: - CVE-2020-13938: Improper Handling of Insufficient Privileges - CVE-2020-35452: mod_auth_digest possible stack overflow by one null byte - CVE-2021-26690: mod_session NULL pointer dereference - CVE-2021-26691: mod_session response handling heap overflow","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.112896) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1047,DFN-CERT-2022-0672,DFN-CERT-2022-0207,DFN-CERT-2022-0122,DFN-CERT-2022-0098,DFN-CERT-2021-2394,DFN-CERT-2021-2365,DFN-CERT-2021-2300,DFN-CERT-2021-2187,DFN-CERT-2021-2153,DFN-CERT-2021-1467,DFN-CERT-2021-1412,DFN-CERT-2021-1355,DFN-CERT-2021-1340,DFN-CERT-2021-1333,DFN-CERT-2021-1321,DFN-CERT-2021-1317,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K22/0072,CB-K21/1092,CB-K21/1090,CB-K21/0646","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.49 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.146726,"CVE-2021-34798,CVE-2021-39275,CVE-2021-40438",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.49 or later.","Apache HTTP Server version 2.4.48 and prior.","The following vulnerabilities exist: - CVE-2021-34798: NULL pointer dereference in httpd core - CVE-2021-39275: ap_escape_quotes buffer overflow - CVE-2021-40438: mod_proxy SSRF","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.146726) Version used: 2022-08-09T00:00:17Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-0904,DFN-CERT-2022-0878,DFN-CERT-2022-0872,DFN-CERT-2022-0869,DFN-CERT-2022-0672,DFN-CERT-2022-0207,DFN-CERT-2022-0119,DFN-CERT-2022-0098,DFN-CERT-2021-2629,DFN-CERT-2021-2471,DFN-CERT-2021-2185,DFN-CERT-2021-2164,DFN-CERT-2021-2153,DFN-CERT-2021-2098,DFN-CERT-2021-2090,DFN-CERT-2021-2047,DFN-CERT-2021-2020,DFN-CERT-2021-1961,WID-SEC-2022-1298,WID-SEC-2022-1189,WID-SEC-2022-0724,CB-K22/0476,CB-K22/0465,CB-K22/0463,CB-K21/0992","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.54 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.148253,"CVE-2022-26377,CVE-2022-28330,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30556,CVE-2022-31813",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.54 or later.","Apache HTTP Server version 2.4.53 and prior.","The following vulnerabilities exist: - CVE-2022-26377: mod_proxy_ajp: Possible request smuggling - CVE-2022-28330: Read beyond bounds in mod_isapi - CVE-2022-28614: Read beyond bounds via ap_rwrite() - CVE-2022-28615: Read beyond bounds in ap_strcmp_match() - CVE-2022-29404: Denial of service in mod_lua r:parsebody - CVE-2022-30556: Information disclosure in mod_lua with websockets - CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.148253) Version used: 2022-06-20T00:00:15Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2799,DFN-CERT-2022-2789,DFN-CERT-2022-2652,DFN-CERT-2022-2509,DFN-CERT-2022-2310,DFN-CERT-2022-2167,DFN-CERT-2022-1837,DFN-CERT-2022-1833,DFN-CERT-2022-1720,DFN-CERT-2022-1353,DFN-CERT-2022-1296,WID-SEC-2022-1767,WID-SEC-2022-1766,WID-SEC-2022-1764,WID-SEC-2022-0858,WID-SEC-2022-0799,WID-SEC-2022-0192,CB-K22/0692","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.41 Buffer Overflow Vulnerability - Windows","Apache Tomcat JK Connector (mod_jk) is prone to a buffer overflow vulnerability.","Installed version: 1.2.40 Fixed version: 1.2.42 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812786,"CVE-2016-6808",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successfully exploiting this issue will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.","Update to version 1.2.42 or later.","Apache Tomcat JK Connector (mod_jk) version 1.2.0 through 1.2.41.","The flaw exists as IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not take account of the length of the virtual host name.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.41 Buffer Overflow Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.812786) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:mod_jk:1.2.40 Method: Apache Tomcat JK Connector (mod_jk) Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.800279) ","","","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows","Apache HTTP Server is prone to a buffer overflow vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117857,"CVE-2021-44790",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server versions through 2.4.51.","A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.117857) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-0747,DFN-CERT-2022-0369,DFN-CERT-2022-0192,DFN-CERT-2022-0098,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1908,WID-SEC-2022-1767,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.20.102,server1002.example.com,80,tcp,9.8,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities June17 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.26 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.811213,"CVE-2017-7679,CVE-2017-3169,CVE-2017-3167",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to bypass authentication and perform unauthorized actions, cause a denial-of-service condition and gain access to potentially sensitive information.","Update to Apache HTTP Server 2.2.33 or 2.4.26 or later.","Apache HTTP Server 2.2.x before 2.2.33 and 2.4.x before 2.4.26.","Multiple flaws exist as, - The mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. - The mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. - An use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities June17 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.811213) Version used: 2022-04-13T00:00:07Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-0358,DFN-CERT-2018-0077,WID-SEC-2022-0673,CB-K22/0045","" 192.168.20.102,server1002.example.com,80,tcp,9.1,High,"VendorFix","Apache HTTP Server mod_auth_digest Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.27 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.811236,"CVE-2017-9788",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to cause the target service to crash. A remote user can obtain potentially sensitive information as well on the target system.","Update to Apache HTTP Server 2.2.34 or 2.4.27 or later.","Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27.","The flaw exists due to error in Apache 'mod_auth_digest' which does not properly initialize memory used to process 'Digest' type HTTP Authorization headers.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 'mod_auth_digest' Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.811236) Version used: 2022-04-13T00:00:07Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-0358,DFN-CERT-2018-0077","" 192.168.20.102,server1002.example.com,80,tcp,8.2,High,"VendorFix","Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.52 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.117855,"CVE-2021-44224",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.52 or later.","Apache HTTP Server version 2.4.7 through 2.4.51.","A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.7 - 2.4.51 Multiple Vulnerabilities - Windows (OID: 1.3.6.1.4.1.25623.1.0.117855) Version used: 2021-12-23T00:00:57Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-2405,DFN-CERT-2022-2167,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-1047,DFN-CERT-2022-0872,DFN-CERT-2022-0068,DFN-CERT-2021-2656,WID-SEC-2022-1057,WID-SEC-2022-0727,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K22/0619,CB-K21/1296","" 192.168.20.102,server1002.example.com,80,tcp,8.1,High,"VendorFix","Apache HTTP Server Man-in-the-Middle Attack Vulnerability - July16 (Windows)","Apache HTTP Server is prone to a man-in-the-middle attack vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.24 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.808631,"CVE-2016-5387",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted proxy header in an HTTP request.","Update to version 2.4.24, or 2.2.32, or later.","Apache HTTP Server through 2.4.23. NOTE: Apache HTTP Server 2.2.32 is not vulnerable.","The flaw is due to 'CGI Servlet' does not protect applications from the presence of untrusted client data in the 'HTTP_PROXY' environment variable.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Man-in-the-Middle Attack Vulnerability - July16 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.808631) Version used: 2022-09-09T00:00:35Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","","" 192.168.20.102,server1002.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows)","In Apache HTTP Server mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","Installed version: 2.4.10 Fixed version: 2.4.38 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.141963,"CVE-2018-17199",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.38 or later.","Apache HTTP Server version 2.4.37 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.38 mod_session_cookie Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.141963) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1069,DFN-CERT-2020-0673,DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0857,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0198,DFN-CERT-2019-0184","" 192.168.20.102,server1002.example.com,80,tcp,7.5,High,"VendorFix","Apache Tomcat JK Connector (mod_jk) < 1.2.46 Authentication Bypass Vulnerability - Windows","Apache Tomcat JK Connector (mod_jk) is prone to an authentication bypass vulnerability.","Installed version: 1.2.40 Fixed version: 1.2.46 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.141820,"CVE-2018-11759",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 1.2.46 or later.","Apache Tomcat JK Connector (mod_jk) version 1.2.0 through 1.2.44.","The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat JK Connector (mod_jk) < 1.2.46 Authentication Bypass Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.141820) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:mod_jk:1.2.40 Method: Apache Tomcat JK Connector (mod_jk) Detection (HTTP) (OID: 1.3.6.1.4.1.25623.1.0.800279) ","","DFN-CERT-2019-0362,DFN-CERT-2019-0351,DFN-CERT-2018-2235,CB-K20/0041","" 192.168.20.102,server1002.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server mod_auth_digest DoS Vulnerability (Windows)","Apache HTTP Server is prone to a denial-of-service vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.25 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812066,"CVE-2016-2161",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to cause a denial-of-service condition.","Update to Apache HTTP Server 2.4.25 or later.","Apache HTTP Server versions 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2 and 2.4.1.","The flaw exists due to insufficient handling of malicious input to 'mod_auth_digest'.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 'mod_auth_digest' DoS Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812066) Version used: 2022-04-13T00:00:07Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","","" 192.168.20.102,server1002.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server Denial of Service Vulnerability-02 Apr18 (Windows)","Apache HTTP Server is prone to a denial of service vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.30 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.812847,"CVE-2018-1303",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the Apache HTTP Server resulting in denial of service condition.","Update to version 2.4.30 or later. Please see the references for more information.","Apache HTTP Server versions 2.4.6, 2.4.7, 2.4.9, 2.4.10, 2.4.12, 2.4.16 through 2.4.18, 2.4.20, 2.4.23, and 2.4.25 through 2.4.29.","The flaw exists as the Apache HTTP Server fails to sanitize against a specially crafted HTTP request header.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Denial of Service Vulnerability-02 Apr18 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.812847) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-2133,DFN-CERT-2019-0359,DFN-CERT-2019-0351,DFN-CERT-2018-2316,DFN-CERT-2018-0985,DFN-CERT-2018-0570,CB-K20/1030","" 192.168.20.102,server1002.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerability (Windows)","In Apache HTTP Server, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","Installed version: 2.4.10 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142221,"CVE-2019-0217",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 mod_auth_digest Access Control Bypass Vulnerabil... (OID: 1.3.6.1.4.1.25623.1.0.142221) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2019-2592,DFN-CERT-2019-2456,DFN-CERT-2019-0736,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676","" 192.168.20.102,server1002.example.com,80,tcp,7.5,High,"VendorFix","Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows","Apache HTTP Server is prone to a NULL pointer dereference vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112904,"CVE-2021-31618",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow an attacker to crash the server.","Update to version 2.4.48 or later.","Apache HTTP Server before version 2.4.48 on Windows.","Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.48 NULL Pointer Dereference Vulnerability - Windows (OID: 1.3.6.1.4.1.25623.1.0.112904) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1549,DFN-CERT-2021-1467,DFN-CERT-2021-1355,DFN-CERT-2021-1333,DFN-CERT-2021-1329,DFN-CERT-2021-1276,DFN-CERT-2021-1273,CB-K21/0611","" 192.168.20.102,server1002.example.com,80,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.42 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.143672,"CVE-2020-1927,CVE-2020-1934",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.42 or later.","Apache HTTP Server version 2.4.0 to 2.4.41.","Apache HTTP Server is prone to multiple vulnerabilities: - mod_rewrite CWE-601 open redirect (CVE-2020-1927) - mod_proxy_ftp use of uninitialized value (CVE-2020-1934)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143672) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2022-0074,DFN-CERT-2021-1467,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1854,DFN-CERT-2020-1793,DFN-CERT-2020-1538,DFN-CERT-2020-1335,DFN-CERT-2020-1289,DFN-CERT-2020-1124,DFN-CERT-2020-0850,DFN-CERT-2020-0835,DFN-CERT-2020-0688,WID-SEC-2023-0063,WID-SEC-2022-0757,CB-K20/1030,CB-K20/0708,CB-K20/0691,CB-K20/0280","" 192.168.20.102,server1002.example.com,80,tcp,6.1,Medium,"VendorFix","Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.41 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.114144,"CVE-2019-10092,CVE-2019-10098",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.41 or later.","Apache HTTP Server version 2.4.0 to 2.4.40.","Apache HTTP server is prone to multiple vulnerabilities: - A limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092) - Redirects configured with mod_rewrite that were intended to be self referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.0 - 2.4.40 Multiple Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.114144) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-1333,DFN-CERT-2021-0540,DFN-CERT-2020-2422,DFN-CERT-2020-2133,DFN-CERT-2020-1124,DFN-CERT-2020-0716,DFN-CERT-2020-0090,DFN-CERT-2019-2592,DFN-CERT-2019-2169,DFN-CERT-2019-1961,DFN-CERT-2019-1810,DFN-CERT-2019-1797,DFN-CERT-2019-1751,CB-K20/1030,CB-K20/0708,CB-K20/0043,CB-K19/0728","" 192.168.20.102,server1002.example.com,80,tcp,5.8,Medium,"Mitigation","HTTP Debugging Methods (TRACE/TRACK) Enabled","The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.","The web server has the following HTTP methods enabled: TRACE ",1.3.6.1.4.1.25623.1.0.11213,"CVE-2003-1567,CVE-2004-2320,CVE-2004-2763,CVE-2005-3398,CVE-2006-4683,CVE-2007-3008,CVE-2008-7253,CVE-2009-2823,CVE-2010-0386,CVE-2012-2223,CVE-2014-7883",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this flaw to trick your legitimate web users to give him their credentials.","Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more information.","Web servers with enabled TRACE and/or TRACK methods.","It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.","Checks if HTTP methods such as TRACE and TRACK are enabled and can be used. Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213) Version used: 2022-05-12T00:00:01Z ","","","DFN-CERT-2021-1825","" 192.168.20.102,server1002.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability (Windows)","Apache HTTP Server is prone to an IP address spoofing vulnerability when proxying using mod_remoteip and mod_rewrite.","Installed version: 2.4.10 Fixed version: 2.4.24 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.144377,"CVE-2020-11985",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.24 or later.","Apache HTTP Server version 2.4.1 to 2.4.23.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144377) Version used: 2021-07-22T00:00:40Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2020-1905,DFN-CERT-2020-1854,CB-K20/0798","" 192.168.20.102,server1002.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows)","When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.","Installed version: 2.4.10 Fixed version: 2.4.39 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.142229,"CVE-2019-0220",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.39 or later.","Apache HTTP Server version 2.4.38 and prior.","","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server < 2.4.39 URL Normalization Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142229) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2022-1610,DFN-CERT-2020-0184,DFN-CERT-2019-2592,DFN-CERT-2019-1519,DFN-CERT-2019-0815,DFN-CERT-2019-0690,DFN-CERT-2019-0687,DFN-CERT-2019-0680,DFN-CERT-2019-0676,WID-SEC-2022-0757,CB-K20/0708","" 192.168.20.102,server1002.example.com,80,tcp,5.3,Medium,"VendorFix","Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Windows","Apache HTTP Server is prone to a tunneling misconfiguration vulnerability.","Installed version: 2.4.10 Fixed version: 2.4.48 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.112899,"CVE-2019-17567",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 2.4.48 or later.","Apache HTTP Server versions 2.4.6 to 2.4.46 on Windows.","mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability -... (OID: 1.3.6.1.4.1.25623.1.0.112899) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","DFN-CERT-2021-2394,DFN-CERT-2021-1273,WID-SEC-2022-0438,CB-K21/0646","" 192.168.20.102,server1002.example.com,135,tcp,5.0,Medium,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol: Port: 49664/tcp UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[49664] Port: 49665/tcp UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[49665] Annotation: DHCP Client LRPC Endpoint UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[49665] Annotation: DHCPv6 Client LRPC Endpoint UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[49665] Annotation: Event log TCPIP Port: 58295/tcp UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0 Endpoint: ncacn_ip_tcp:192.168.20.102[58295] Annotation: RemoteAccessCheck UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58295] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58295] Annotation: Ngc Pop Key Service UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58295] Annotation: Ngc Pop Key Service UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2 Endpoint: ncacn_ip_tcp:192.168.20.102[58295] Annotation: KeyIso Port: 58308/tcp UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: UserMgrCli UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: Proxy Manager provider server endpoint UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: IP Transition Configuration endpoint UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: IKE/Authip API UUID: b18fbab6-56f8-4702-84e0-41053293a869, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: UserMgrCli UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: Proxy Manager client server endpoint UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: Adh APIs UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58308] Annotation: Impl friendly name Port: 58322/tcp UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58322] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58322] Annotation: Ngc Pop Key Service UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58322] Annotation: Ngc Pop Key Service UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2 Endpoint: ncacn_ip_tcp:192.168.20.102[58322] Annotation: KeyIso Port: 58323/tcp UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1 Endpoint: ncacn_ip_tcp:192.168.20.102[58323] Annotation: Remote Fw APIs Port: 58344/tcp UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2 Endpoint: ncacn_ip_tcp:192.168.20.102[58344] Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting. ",1.3.6.1.4.1.25623.1.0.10736,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this fact to gain more knowledge about the remote host.","Filter incoming traffic to this ports.","",""," Details: DCE/RPC and MSRPC Services Enumeration Reporting (OID: 1.3.6.1.4.1.25623.1.0.10736) Version used: 2022-06-03T00:00:07Z ","","","","" 192.168.20.102,server1002.example.com,80,tcp,5.0,Medium,"VendorFix","Apache HTTP Server Multiple Vulnerabilities August15 (Windows)","Apache HTTP Server is prone to multiple vulnerabilities.","Installed version: 2.4.10 Fixed version: 2.4.14 Installation path / port: 80/tcp ",1.3.6.1.4.1.25623.1.0.805698,"CVE-2015-3185,CVE-2015-3183",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"Successful exploitation will allow remote attackers to bypass intended access restrictions in opportunistic circumstances and to cause cache poisoning or credential hijacking if an intermediary proxy is in use.","Update to version 2.4.14 or later.","Apache HTTP Server version 2.4.x before 2.4.14.","Multiple flaws are due to: - an error in 'ap_some_auth_required' function in 'server/request.c' script which does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting. - an error in chunked transfer coding implementation.","Checks if a vulnerable version is present on the target host. Details: Apache HTTP Server Multiple Vulnerabilities August15 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.805698) Version used: 2022-04-14T00:00:08Z ","Product: cpe:/a:apache:http_server:2.4.10 Method: Apache HTTP Server Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.117232) ","","","" 192.168.20.102,server1002.example.com,3389,tcp,5.0,Medium,"Mitigation","SSL/TLS: Report Weak Cipher Suites","This routine reports all Weak SSL/TLS cipher suites accepted by a service. NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported. If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure cleartext communication.","'Weak' cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.1 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA ",1.3.6.1.4.1.25623.1.0.103440,"CVE-2013-2566,CVE-2015-2808,CVE-2015-4000",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","The configuration of this services should be changed so that it does not accept the listed weak cipher suites anymore. Please see the references for more resources supporting you with this task.","","These rules are applied for the evaluation of the cryptographic strength: - RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808) - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000) - 1024 bit RSA authentication is considered to be insecure and therefore as weak - Any cipher considered to be secure for only the next 10 years is considered as medium - Any other cipher is considered as strong"," Details: SSL/TLS: Report Weak Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.103440) Version used: 2021-12-01T00:00:37Z ","","","DFN-CERT-2021-0775,DFN-CERT-2020-1561,DFN-CERT-2020-1276,CB-K21/0067","" 192.168.20.102,server1002.example.com,3389,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.20.102,server1002.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 2832963944 Packet 2: 2832965002 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.10.100,server1001.example.com,8009,tcp,9.8,High,"VendorFix","Apache Tomcat AJP RCE Vulnerability (Ghostcat)","Apache Tomcat is prone to a remote code execution vulnerability (dubbed 'Ghostcat') in the AJP connector.","The returned status is '500', which should be '403' on a patched system, when trying to read a file which indicates that the installation is vulnerable. ",1.3.6.1.4.1.25623.1.0.143545,"CVE-2020-1938",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update Apache Tomcat to version 7.0.100, 8.5.51, 9.0.31 or later. For other products using Tomcat please contact the vendor for more information on fixed versions.","Apache Tomcat versions prior 7.0.100, 8.5.51 or 9.0.31 when the AJP connector is enabled. Other products like JBoss or Wildfly which are using Tomcat might be affected as well.","Apache Tomcat server has a file containing vulnerability, which can be used by an attacker to read or include any files in all webapp directories on Tomcat, such as webapp configuration files or source code.","Sends a crafted AJP request and checks the response. Details: Apache Tomcat AJP RCE Vulnerability (Ghostcat) (OID: 1.3.6.1.4.1.25623.1.0.143545) Version used: 2022-08-09T00:00:17Z ","","","DFN-CERT-2021-1736,DFN-CERT-2020-1508,DFN-CERT-2020-1413,DFN-CERT-2020-1276,DFN-CERT-2020-1134,DFN-CERT-2020-0850,DFN-CERT-2020-0835,DFN-CERT-2020-0821,DFN-CERT-2020-0569,DFN-CERT-2020-0557,DFN-CERT-2020-0501,DFN-CERT-2020-0381,CB-K20/0711,CB-K20/0705,CB-K20/0693,CB-K20/0555,CB-K20/0543,CB-K20/0154","" 192.168.10.100,server1001.example.com,8080,tcp,9.8,High,"VendorFix","Apache Tomcat Multiple Vulnerabilities - Feb20 (Windows)","Apache Tomcat is prone to multiple vulnerabilities.","Installed version: 9.0.14 Fixed version: 9.0.31 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.143550,"CVE-2020-1935,CVE-2020-1938",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.100, 8.5.51, 9.0.31 or later.","Apache Tomcat 7.0.0 to 7.0.99, 8.5.0 to 8.5.50 and 9.0.0.M1 to 9.0.30.","Apache Tomcat is prone to multiple vulnerabilities: - HTTP request smuggling vulnerability (CVE-2020-1935) - AJP Request Injection and potential Remote Code Execution dubbed 'Ghostcat' (CVE-2020-1938)","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Multiple Vulnerabilities - Feb20 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143550) Version used: 2022-08-09T00:00:17Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2021-1736,DFN-CERT-2021-0575,DFN-CERT-2020-2482,DFN-CERT-2020-1707,DFN-CERT-2020-1706,DFN-CERT-2020-1508,DFN-CERT-2020-1413,DFN-CERT-2020-1276,DFN-CERT-2020-1134,DFN-CERT-2020-0850,DFN-CERT-2020-0835,DFN-CERT-2020-0821,DFN-CERT-2020-0569,DFN-CERT-2020-0557,DFN-CERT-2020-0501,DFN-CERT-2020-0381,CB-K20/0711,CB-K20/0705,CB-K20/0693,CB-K20/0555,CB-K20/0543,CB-K20/0165,CB-K20/0154","" 192.168.10.100,server1001.example.com,8080,tcp,8.6,High,"VendorFix","Apache Tomcat Request Mix-up Vulnerability (May 2022) - Windows","Apache Tomcat is prone to a request mix-up vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.21 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.104204,"CVE-2022-25762",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.76, 9.0.21 or later.","Apache Tomcat 8.5.0 through 8.5.75 and 9.0.0.M1 through 9.0.20.","If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Request Mix-up Vulnerability (May 2022) - Windows (OID: 1.3.6.1.4.1.25623.1.0.104204) Version used: 2022-05-26T00:00:21Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1605,WID-SEC-2022-1335,WID-SEC-2022-1228,WID-SEC-2022-0899,WID-SEC-2022-0740,CB-K22/0600","" 192.168.10.100,server1001.example.com,8080,tcp,8.1,High,"VendorFix","Apache Tomcat RCE Vulnerability - April19 (Windows)","Apache Tomcat is prone to a remote code execution vulnerability due to a bug in the way the JRE passes command line arguments to Windows.","Installed version: 9.0.14 Fixed version: 9.0.19 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.142265,"CVE-2019-0232",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.94, 8.5.40, 9.0.19 or later.","Apache Tomcat 7.0.0 to 7.0.93, 8.5.0 to 8.5.39 and 9.0.0.M1 to 9.0.17.","When running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat RCE Vulnerability - April19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142265) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2019-1398,DFN-CERT-2019-0732,CB-K20/0029","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat Multiple DoS Vulnerabilities - July20 (Windows)","Apache Tomcat is prone to multiple denial of service vulnerabilities.","Installed version: 9.0.14 Fixed version: 9.0.37 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.144274,"CVE-2020-13934,CVE-2020-13935",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.57, 9.0.37, 10.0.0-M7 or later.","Apache Tomcat 8.5.1 to 8.5.56, 9.0.0.M5 to 9.0.36 and 10.0.0-M1 to 10.0.0-M6.","The following vulnerabilitities exist: - HTTP/2 Denial of Service (CVE-2020-13934) - WebSocket Denial of Service (CVE-2020-13935)","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Multiple DoS Vulnerabilities - July20 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144274) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1472,DFN-CERT-2021-1736,DFN-CERT-2021-0714,DFN-CERT-2021-0132,DFN-CERT-2020-2295,DFN-CERT-2020-2287,DFN-CERT-2020-2132,DFN-CERT-2020-2006,DFN-CERT-2020-1761,DFN-CERT-2020-1707,DFN-CERT-2020-1706,DFN-CERT-2020-1575,DFN-CERT-2020-1511,WID-SEC-2022-1375,WID-SEC-2022-0519,CB-K20/1030,CB-K20/1021,CB-K20/1017,CB-K20/0717","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat HTTP/2 Vulnerability - Dec20 (Windows)","Apache Tomcat is prone to an information disclosure vulnerability in HTTP/2.","Installed version: 9.0.14 Fixed version: 9.0.40 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.144985,"CVE-2020-17527",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.60, 9.0.40, 10.0.0-M10 or later.","Apache Tomcat 8.5.0 to 8.5.59, 9.0.0.M1 to 9.0.39 and 10.0.0-M1 to 10.0.0-M9.","It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat HTTP/2 Vulnerability - Dec20 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144985) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-0733,DFN-CERT-2021-2620,DFN-CERT-2021-0821,DFN-CERT-2021-0820,DFN-CERT-2021-0338,DFN-CERT-2021-0134,DFN-CERT-2021-0034,DFN-CERT-2020-2646,WID-SEC-2023-0065,WID-SEC-2022-0624,CB-K21/0421,CB-K21/0418,CB-K20/1195","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat DoS Vulnerability - June19 (Windows)","Apache Tomcat is prone to a denial of service vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.20 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.142812,"CVE-2019-10072",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.41, 9.0.20 or later.","Apache Tomcat versions 8.5.0 to 8.5.40 and 9.0.0.M1 to 9.0.19.","The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients are able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat DoS Vulnerability - June19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142812) Version used: 2022-04-13T00:00:45Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2020-0501,DFN-CERT-2020-0088,DFN-CERT-2020-0027,DFN-CERT-2019-2457,DFN-CERT-2019-2149,DFN-CERT-2019-1895,DFN-CERT-2019-1472,DFN-CERT-2019-1268,CB-K20/1008,CB-K20/0029","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat DoS Vulnerability - June19 (Windows)","Apache Tomcat is prone to a denial of service vulnerability in the HTTP/2 implementation.","Installed version: 9.0.14 Fixed version: 9.0.20 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.107013,"CVE-2019-10072",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.41, 9.0.20 or later.","Apache Tomcat 8.5.0 to 8.5.40 and 9.0.0.M1 to 9.0.19.","The HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permitts clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilises the Servlet API's blocking I/O, clients are able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat DoS Vulnerability - June19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.107013) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2020-0501,DFN-CERT-2020-0088,DFN-CERT-2020-0027,DFN-CERT-2019-2457,DFN-CERT-2019-2149,DFN-CERT-2019-1895,DFN-CERT-2019-1472,DFN-CERT-2019-1268,CB-K20/1008,CB-K20/0029","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat Session Fixation Vulnerability - Dec19 (Windows)","Apache Tomcat is prone to a session fixation vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.30 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.143314,"CVE-2019-17563",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.99, 8.5.50, 9.0.30 or later.","Apache Tomcat 7.0.0 to 7.0.98, 8.5.0 to 8.5.49 and 9.0.0.M1 to 9.0.29.","When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Session Fixation Vulnerability - Dec19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143314) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2021-0575,DFN-CERT-2020-2132,DFN-CERT-2020-1134,DFN-CERT-2020-1129,DFN-CERT-2020-0821,DFN-CERT-2020-0780,DFN-CERT-2020-0775,DFN-CERT-2020-0557,DFN-CERT-2020-0501,DFN-CERT-2020-0345,DFN-CERT-2020-0027,DFN-CERT-2019-2710,DFN-CERT-2019-2673,CB-K21/0071,CB-K20/1030,CB-K20/0318,CB-K20/0309","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat DoS Vulnerability (Sep 2021) - Windows","Apache Tomcat is prone to a denial of service (DoS) vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.44 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.146722,"CVE-2021-41079",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.64, 9.0.44, 10.0.4 or later.","Apache Tomcat 8.5.0 through 8.5.63, 9.0.0-M1 through 9.0.43 and 10.0.0-M1 through 10.0.2.","When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat DoS Vulnerability (Sep 2021) - Windows (OID: 1.3.6.1.4.1.25623.1.0.146722) Version used: 2021-10-04T00:00:33Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2022-0826,DFN-CERT-2022-0733,DFN-CERT-2021-2297,DFN-CERT-2021-2169,DFN-CERT-2021-1990,WID-SEC-2022-0615,WID-SEC-2022-0607,CB-K21/0983","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat DoS Vulnerability - March19 (Windows)","Apache Tomcat is prone to a denial of service vulnerability in the HTTP/2 implementation.","Installed version: 9.0.14 Fixed version: 9.0.16 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.142263,"CVE-2019-0199",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.38, 9.0.16 or later.","Apache Tomcat 8.5.0 to 8.5.37 and 9.0.0.M1 to 9.0.14.","The HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permitts clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilises the Servlet API's blocking I/O, clients are able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat DoS Vulnerability - March19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142263) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2019-2710,DFN-CERT-2019-1895,DFN-CERT-2019-1755,DFN-CERT-2019-1472,DFN-CERT-2019-1231,DFN-CERT-2019-1095,DFN-CERT-2019-0594,CB-K20/0543,CB-K20/0029","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat DoS Vulnerability - June20 (Windows)","Apache Tomcat is prone to a denial of service vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.36 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.144181,"CVE-2020-11996",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.56, 9.0.36, 10.0.0-M6 or later.","Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and 10.0.0-M1 to 10.0.0-M5.","A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat DoS Vulnerability - June20 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144181) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2021-1736,DFN-CERT-2021-0043,DFN-CERT-2020-2006,DFN-CERT-2020-1575,DFN-CERT-2020-1490,DFN-CERT-2020-1358,WID-SEC-2022-1375,CB-K20/1017,CB-K20/0637,CB-K20/0636","" 192.168.10.100,server1001.example.com,8080,tcp,7.5,High,"VendorFix","Apache Tomcat Information Disclosure Vulnerability (Mar21) - Windows","Apache Tomcat is prone to an information disclosure vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.43 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.145480,"CVE-2021-25122",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.63, 9.0.43, 10.0.2 or later.","Apache Tomcat 8.5.x - 8.5.61, 9.0.0.M1 - 9.0.41 and 10.0.x prior to 10.0.1.","When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Information Disclosure Vulnerability (Mar21) - Windows (OID: 1.3.6.1.4.1.25623.1.0.145480) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2022-0733,DFN-CERT-2021-2191,DFN-CERT-2021-1904,DFN-CERT-2021-1537,DFN-CERT-2021-1536,DFN-CERT-2021-1403,DFN-CERT-2021-0810,DFN-CERT-2021-0807,DFN-CERT-2021-0544,DFN-CERT-2021-0445,WID-SEC-2022-1375,WID-SEC-2022-1099,WID-SEC-2022-0624,WID-SEC-2022-0607,CB-K21/1094,CB-K21/1081,CB-K21/0770,CB-K21/0222","" 192.168.10.100,server1001.example.com,8080,tcp,7.0,High,"VendorFix","Apache Tomcat Privilege Escalation Vulnerability - Dec19 (Windows)","Apache Tomcat is prone to a privilege escalation vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.29 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.143312,"CVE-2019-12418",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.99, 8.5.49, 9.0.29 or later. As a mitigation disable Tomcat's JmxRemoteLifecycleListener and use the built-in remote JMX facilities provided by the JVM.","Apache Tomcat 7.0.0 to 7.0.97, 8.5.0 to 8.5.47 and 9.0.0.M1 to 9.0.28.","When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Privilege Escalation Vulnerability - Dec19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143312) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2020-1129,DFN-CERT-2020-1094,DFN-CERT-2020-0821,DFN-CERT-2020-0604,DFN-CERT-2020-0557,DFN-CERT-2020-0501,DFN-CERT-2020-0345,DFN-CERT-2020-0027,DFN-CERT-2019-2710,DFN-CERT-2019-2673,CB-K20/0309","" 192.168.10.100,server1001.example.com,8080,tcp,7.0,High,"VendorFix","Apache Tomcat RCE Vulnerability (Mar21) - Windows","Apache Tomcat is prone to a remote code execution (RCE) vulnerability due to an incomplete fix.","Installed version: 9.0.14 Fixed version: 9.0.43 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.145478,"CVE-2021-25329",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.108, 8.5.63, 9.0.43, 10.0.2 or later.","Apache Tomcat 7.0.x - 7.0.107, 8.5.x - 8.5.61, 9.0.0.M1 - 9.0.41 and 10.0.x prior to 10.0.1.","The fix for CVE-2020-9484 was incomplete. When using a highly unlikely configuration edge case, the Tomcat instance is still vulnerable to CVE-2020-9484. Note that both the previously published prerequisites for CVE-2020-9484 also apply to this issue.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat RCE Vulnerability (Mar21) - Windows (OID: 1.3.6.1.4.1.25623.1.0.145478) Version used: 2021-08-24T00:00:06Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2022-0733,DFN-CERT-2021-1904,DFN-CERT-2021-1403,DFN-CERT-2021-0903,DFN-CERT-2021-0835,DFN-CERT-2021-0807,DFN-CERT-2021-0714,DFN-CERT-2021-0544,DFN-CERT-2021-0445,WID-SEC-2022-1099,WID-SEC-2022-0607,CB-K21/0222","" 192.168.10.100,server1001.example.com,8080,tcp,7.0,High,"VendorFix","Apache Tomcat RCE Vulnerability - May20 (Windows)","Apache Tomcat is prone to a remote code execution vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.35 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.143964,"CVE-2020-9484",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.104, 8.5.55, 9.0.35, 10.0.0-M5 or later.","Apache Tomcat 7.0.0 to 7.0.103, 8.5.0 to 8.5.54, 9.0.0.M1 to 9.0.34 and 10.0.0-M1 to 10.0.0-M4.","If: - an attacker is able to control the contents and name of a file on the server and - the server is configured to use the PersistenceManager with a FileStore and - the PersistenceManager is configured with sessionAttributeValueClassNameFilter='null' (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized and - the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions must be true for the attack to succeed.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat RCE Vulnerability - May20 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.143964) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2022-0733,DFN-CERT-2021-1736,DFN-CERT-2020-2286,DFN-CERT-2020-1706,DFN-CERT-2020-1635,DFN-CERT-2020-1575,DFN-CERT-2020-1490,DFN-CERT-2020-1289,DFN-CERT-2020-1134,DFN-CERT-2020-1129,DFN-CERT-2020-1094,DFN-CERT-2020-1086,WID-SEC-2022-1870,WID-SEC-2022-0607,WID-SEC-2022-0432,WID-SEC-2022-0302,CB-K21/1094,CB-K21/0069,CB-K20/1017,CB-K20/0494","" 192.168.10.100,server1001.example.com,8080,tcp,6.8,Medium,"Mitigation","Apache Tomcat servlet/JSP container default files","The Apache Tomcat servlet/JSP container has default files installed.","The following default files were found : http://server1001.example.com:8080/examples/servlets/index.html http://server1001.example.com:8080/examples/jsp/index.html ",1.3.6.1.4.1.25623.1.0.12085,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"These files should be removed as they may help an attacker to guess the exact version of the Apache Tomcat which is running on this host and may provide other useful information.","Remove default files, example JSPs and Servlets from the Tomcat Servlet/JSP container.","","Default files, such as documentation, default Servlets and JSPs were found on the Apache Tomcat servlet/JSP container."," Details: Apache Tomcat servlet/JSP container default files (OID: 1.3.6.1.4.1.25623.1.0.12085) Version used: 2020-05-08T00:00:44Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","","" 192.168.10.100,server1001.example.com,8080,tcp,6.5,Medium,"VendorFix","Apache Tomcat JNDI Realm Authentication Weakness Vulnerability (Jul 2021) - Windows","Apache Tomcat is prone to an authentication weakness vulnerability in the JNDI Realm.","Installed version: 9.0.14 Fixed version: 9.0.46 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.146265,"CVE-2021-30640",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.109, 8.5.66, 9.0.46, 10.0.6 or later.","Apache Tomcat 7.0.x through 7.0.108, 8.5.x through 8.5.65, 9.0.0.M1 through 9.0.45 and 10.0.0-M1 through 10.0.5.","Queries made by the JNDI Realm do not always correctly escape parameters. Parameter values could be sourced from user provided data (eg user names) as well as configuration data provided by an administrator. In limited circumstances it is possible for users to authenticate using variations of their user name and/or to bypass some of the protection provided by the LockOut Realm.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat JNDI Realm Authentication Weakness Vulnerability (Jul 2021) - ... (OID: 1.3.6.1.4.1.25623.1.0.146265) Version used: 2021-08-24T00:00:58Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2022-0826,DFN-CERT-2022-0733,DFN-CERT-2021-2496,DFN-CERT-2021-2438,DFN-CERT-2021-2297,DFN-CERT-2021-2169,DFN-CERT-2021-1728,DFN-CERT-2021-1668,DFN-CERT-2021-1472,WID-SEC-2022-1116,WID-SEC-2022-0623,WID-SEC-2022-0615,WID-SEC-2022-0607,CB-K21/0733","" 192.168.10.100,server1001.example.com,8080,tcp,6.1,Medium,"VendorFix","Apache Tomcat XSS Vulnerability - May19 (Windows)","Apache Tomcat is prone to a cross-site scripting vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.18 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.142480,"CVE-2019-0221",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.94, 8.5.40, 9.0.18 or later.","Apache Tomcat versions 7.0.0 to 7.0.93, 8.5.0 to 8.5.39 and 9.0.0.M1 to 9.0.17.","The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat XSS Vulnerability - May19 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.142480) Version used: 2021-09-02T00:00:30Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2021-0819,DFN-CERT-2020-1129,DFN-CERT-2020-1094,DFN-CERT-2020-0557,DFN-CERT-2019-2710,DFN-CERT-2019-2457,DFN-CERT-2019-1895,DFN-CERT-2019-1704,DFN-CERT-2019-1472,DFN-CERT-2019-1231,DFN-CERT-2019-1092,CB-K20/0029","" 192.168.10.100,server1001.example.com,8080,tcp,5.9,Medium,"VendorFix","Apache Tomcat Information Disclosure Vulnerability - Jan21 (Windows)","Apache Tomcat is prone to an information disclosure vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.40 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.117158,"CVE-2021-24122",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 7.0.107, 8.5.60, 9.0.40, 10.0.0-M10 or later.","Apache Tomcat 7.0.0 to 7.0.106, 8.5.0 to 8.5.59, 9.0.0.M1 to 9.0.39 and 10.0.0-M1 to 10.0.0-M9.","When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Information Disclosure Vulnerability - Jan21 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.117158) Version used: 2021-08-24T00:00:58Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2021-1904,DFN-CERT-2021-0835,DFN-CERT-2021-0714,DFN-CERT-2021-0544,DFN-CERT-2021-0338,DFN-CERT-2020-2646,WID-SEC-2022-0607,CB-K21/0049","" 192.168.10.100,server1001.example.com,8080,tcp,5.3,Medium,"VendorFix","Apache Tomcat HTTP Request Smuggling Vulnerability (Jul 2021) - Windows","Apache Tomcat is prone to an HTTP request smuggling vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.48 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.146267,"CVE-2021-33037",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.68, 9.0.48, 10.0.7 or later.","Apache Tomcat 8.5.x through 8.5.66, 9.0.0.M1 through 9.0.46 and 10.0.0-M1 through 10.0.6.","Apache Tomcat does not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignores the transfer-encoding header if the client declared it would only accept an HTTP/1.0 response. Tomcat honours the identify encoding and Tomcat does not ensure that, if present, the chunked encoding is the final encoding.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat HTTP Request Smuggling Vulnerability (Jul 2021) - Windows (OID: 1.3.6.1.4.1.25623.1.0.146267) Version used: 2021-08-24T00:00:58Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-1530,DFN-CERT-2022-0872,DFN-CERT-2022-0826,DFN-CERT-2022-0733,DFN-CERT-2021-2496,DFN-CERT-2021-2297,DFN-CERT-2021-2223,DFN-CERT-2021-2193,DFN-CERT-2021-2188,DFN-CERT-2021-1728,DFN-CERT-2021-1668,DFN-CERT-2021-1472,WID-SEC-2022-1894,WID-SEC-2022-1375,WID-SEC-2022-1296,WID-SEC-2022-1116,WID-SEC-2022-0624,WID-SEC-2022-0623,WID-SEC-2022-0615,WID-SEC-2022-0607,WID-SEC-2022-0094,CB-K22/0066,CB-K21/1087,CB-K21/1084,CB-K21/0733","" 192.168.10.100,server1001.example.com,135,tcp,5.0,Medium,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol: Port: 49664/tcp UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[49664] Port: 49665/tcp UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[49665] Annotation: DHCP Client LRPC Endpoint UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[49665] Annotation: DHCPv6 Client LRPC Endpoint UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[49665] Annotation: Event log TCPIP Port: 59294/tcp UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0 Endpoint: ncacn_ip_tcp:192.168.10.100[59294] Annotation: RemoteAccessCheck UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59294] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59294] Annotation: Ngc Pop Key Service UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59294] Annotation: Ngc Pop Key Service UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2 Endpoint: ncacn_ip_tcp:192.168.10.100[59294] Annotation: KeyIso Port: 59295/tcp UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: UserMgrCli UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: AppInfo UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: Proxy Manager provider server endpoint UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: IP Transition Configuration endpoint UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: AppInfo UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: AppInfo UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: IKE/Authip API UUID: b18fbab6-56f8-4702-84e0-41053293a869, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: UserMgrCli UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: Proxy Manager client server endpoint UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: Adh APIs UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: Impl friendly name UUID: d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] UUID: fb9a3757-cff0-4db0-b9fc-bd6c131612fd, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: AppInfo UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59295] Annotation: AppInfo Port: 59333/tcp UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59333] Annotation: Remote Fw APIs Port: 59348/tcp UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2 Endpoint: ncacn_ip_tcp:192.168.10.100[59348] Port: 59368/tcp UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.10.100[59368] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting. ",1.3.6.1.4.1.25623.1.0.10736,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this fact to gain more knowledge about the remote host.","Filter incoming traffic to this ports.","",""," Details: DCE/RPC and MSRPC Services Enumeration Reporting (OID: 1.3.6.1.4.1.25623.1.0.10736) Version used: 2022-06-03T00:00:07Z ","","","","" 192.168.10.100,server1001.example.com,3389,tcp,5.0,Medium,"Mitigation","SSL/TLS: Report Weak Cipher Suites","This routine reports all Weak SSL/TLS cipher suites accepted by a service. NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported. If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure cleartext communication.","'Weak' cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.1 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA ",1.3.6.1.4.1.25623.1.0.103440,"CVE-2013-2566,CVE-2015-2808,CVE-2015-4000",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","The configuration of this services should be changed so that it does not accept the listed weak cipher suites anymore. Please see the references for more resources supporting you with this task.","","These rules are applied for the evaluation of the cryptographic strength: - RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808) - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000) - 1024 bit RSA authentication is considered to be insecure and therefore as weak - Any cipher considered to be secure for only the next 10 years is considered as medium - Any other cipher is considered as strong"," Details: SSL/TLS: Report Weak Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.103440) Version used: 2021-12-01T00:00:37Z ","","","DFN-CERT-2021-0775,DFN-CERT-2020-1561,DFN-CERT-2020-1276,CB-K21/0067","" 192.168.10.100,server1001.example.com,8080,tcp,4.3,Medium,"VendorFix","Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Windows","Apache Tomcat is prone to an information disclosure vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.62 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.148786,"CVE-2021-43980",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14 or later.","Apache Tomcat version 8.5.0 through 8.5.77, 9.0.0-M1 through 9.0.60, 10.0.0-M1 through 10.0.18 and 10.1.0-M1 through 10.1.0-M12.","The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Windows (OID: 1.3.6.1.4.1.25623.1.0.148786) Version used: 2022-09-29T00:00:47Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-2684,DFN-CERT-2022-2605,DFN-CERT-2022-2392,WID-SEC-2022-1558","" 192.168.10.100,server1001.example.com,3389,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.10.100,server1001.example.com,2325,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.10.100,server1001.example.com,8080,tcp,4.3,Medium,"VendorFix","Apache Tomcat Request Smuggling Vulnerability (Oct 2022) - Windows","Apache Tomcat is prone to a request smuggling vulnerability.","Installed version: 9.0.14 Fixed version: 9.0.68 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.148840,"CVE-2022-42252",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.83, 9.0.68, 10.0.27, 10.1.1 or later.","Apache Tomcat version 8.5.0 through 8.5.82, 9.0.0-M1 through 9.0.67, 10.0.0-M1 through 10.0.26 and 10.1.0.","If Tomcat is configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat does not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat is located behind a reverse proxy that also fails to reject the request with the invalid header.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat Request Smuggling Vulnerability (Oct 2022) - Windows (OID: 1.3.6.1.4.1.25623.1.0.148840) Version used: 2022-11-03T00:00:15Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-2684,DFN-CERT-2022-2428,WID-SEC-2022-1918","" 192.168.10.100,server1001.example.com,8080,tcp,4.3,Medium,"VendorFix","Apache Tomcat HTTP/2 Vulnerability - Oct20 (Windows)","Apache Tomcat is prone to an information disclosure vulnerability in HTTP/2.","Installed version: 9.0.14 Fixed version: 9.0.38 Installation path / port: 8080/tcp ",1.3.6.1.4.1.25623.1.0.144736,"CVE-2020-13943",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 8.5.58, 9.0.38, 10.0.0-M8 or later.","Apache Tomcat 8.5.1 to 8.5.57, 9.0.0.M5 to 9.0.37 and 10.0.0-M1 to 10.0.0-M7.","If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.","Checks if a vulnerable version is present on the target host. Details: Apache Tomcat HTTP/2 Vulnerability - Oct20 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.144736) Version used: 2021-07-22T00:00:50Z ","Product: cpe:/a:apache:tomcat:9.0.14 Method: Apache Tomcat Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.0.107652) ","","DFN-CERT-2022-0733,DFN-CERT-2021-2620,DFN-CERT-2021-0338,DFN-CERT-2021-0134,DFN-CERT-2021-0034,DFN-CERT-2020-2224,CB-K20/0971","" 192.168.10.100,server1001.example.com,2325,tcp,4.0,Medium,"Mitigation","SSL/TLS: Certificate Signed Using A Weak Signature Algorithm","The remote service is using a SSL/TLS certificate in the certificate chain that has been signed using a cryptographically weak hashing algorithm.","The following certificates are part of the certificate chain but using insecure signature algorithms: Subject: CN='ANSYS Licensing Authority Certificate',L=Canonsburg,ST=PA,C=US,O='ANSYS Inc' Signature Algorithm: sha1WithRSAEncryption ",1.3.6.1.4.1.25623.1.0.105880,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Servers that use SSL/TLS certificates signed with a weak SHA-1, MD5, MD4 or MD2 hashing algorithm will need to obtain new SHA-2 signed SSL/TLS certificates to avoid web browser SSL/TLS certificate warnings.","","The following hashing algorithms used for signing SSL/TLS certificates are considered cryptographically weak and not secure enough for ongoing use: - Secure Hash Algorithm 1 (SHA-1) - Message Digest 5 (MD5) - Message Digest 4 (MD4) - Message Digest 2 (MD2) Beginning as late as January 2017 and as early as June 2016, browser developers such as Microsoft and Google will begin warning users when visiting web sites that use SHA-1 signed Secure Socket Layer (SSL) certificates. NOTE: The script preference allows to set one or more custom SHA-1 fingerprints of CA certificates which are trusted by this routine. The fingerprints needs to be passed comma-separated and case-insensitive: Fingerprint1 or fingerprint1, Fingerprint2","Check which hashing algorithm was used to sign the remote SSL/TLS certificate. Details: SSL/TLS: Certificate Signed Using A Weak Signature Algorithm (OID: 1.3.6.1.4.1.25623.1.0.105880) Version used: 2021-10-15T00:00:32Z ","","","","" 192.168.10.100,server1001.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 2835625735 Packet 2: 2835626875 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.10.101,server1001.example.com,3306,tcp,9.8,High,"VendorFix","Oracle MySQL Server <= 5.7.38 / 8.0 <= 8.0.29 Security Update (cpujul2022) - Windows","Oracle MySQL Server is prone to multiple vulnerabilities.","Installed version: 5.7.38 Fixed version: 5.7.39 Installation path / port: 3306/tcp ",1.3.6.1.4.1.25623.1.0.148511,"CVE-2022-1292,CVE-2022-27778,CVE-2018-25032,CVE-2022-21515",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 5.7.39, 8.0.30 or later.","Oracle MySQL Server version 5.7.38 and prior and 8.0 through 8.0.29.","","Checks if a vulnerable version is present on the target host. Details: Oracle MySQL Server <= 5.7.38 / 8.0 <= 8.0.29 Security Update (cpujul2022) -... (OID: 1.3.6.1.4.1.25623.1.0.148511) Version used: 2022-07-22T00:00:18Z ","","","DFN-CERT-2022-2799,DFN-CERT-2022-2668,DFN-CERT-2022-2376,DFN-CERT-2022-2323,DFN-CERT-2022-2309,DFN-CERT-2022-2305,DFN-CERT-2022-2268,DFN-CERT-2022-2254,DFN-CERT-2022-2150,DFN-CERT-2022-2111,DFN-CERT-2022-2094,DFN-CERT-2022-2073,DFN-CERT-2022-2072,DFN-CERT-2022-2066,DFN-CERT-2022-2059,DFN-CERT-2022-2047,DFN-CERT-2022-1992,DFN-CERT-2022-1905,DFN-CERT-2022-1875,DFN-CERT-2022-1837,DFN-CERT-2022-1646,DFN-CERT-2022-1614,DFN-CERT-2022-1609,DFN-CERT-2022-1520,DFN-CERT-2022-1476,DFN-CERT-2022-1425,DFN-CERT-2022-1310,DFN-CERT-2022-1304,DFN-CERT-2022-1267,DFN-CERT-2022-1264,DFN-CERT-2022-1116,DFN-CERT-2022-1115,DFN-CERT-2022-1114,DFN-CERT-2022-1103,DFN-CERT-2022-1081,DFN-CERT-2022-1076,DFN-CERT-2022-1054,DFN-CERT-2022-1049,DFN-CERT-2022-0986,DFN-CERT-2022-0768,DFN-CERT-2022-0716,WID-SEC-2022-1775,WID-SEC-2022-1772,WID-SEC-2022-1767,WID-SEC-2022-1461,WID-SEC-2022-1438,WID-SEC-2022-1335,WID-SEC-2022-1245,WID-SEC-2022-1228,WID-SEC-2022-1068,WID-SEC-2022-1057,WID-SEC-2022-0833,WID-SEC-2022-0826,WID-SEC-2022-0767,WID-SEC-2022-0755,WID-SEC-2022-0736,WID-SEC-2022-0735,WID-SEC-2022-0677,WID-SEC-2022-0554,WID-SEC-2022-0393,WID-SEC-2022-0277,WID-SEC-2022-0071,WID-SEC-2022-0005,CB-K22/0619,CB-K22/0570,CB-K22/0536,CB-K22/0386","" 192.168.10.101,server1001.example.com,3306,tcp,5.3,Medium,"VendorFix","Oracle MySQL Server <= 5.7.39 / 8.0 <= 8.0.30 Security Update (cpuoct2022) - Windows","Oracle MySQL Server is prone to multiple vulnerabilities.","Installed version: 5.7.38 Fixed version: 5.7.40 Installation path / port: 3306/tcp ",1.3.6.1.4.1.25623.1.0.118388,"CVE-2022-2097,CVE-2022-21617,CVE-2022-21608",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 5.7.40, 8.0.31 or later.","Oracle MySQL Server version 5.7.39 and prior and 8.0 through 8.0.30.","","Checks if a vulnerable version is present on the target host. Details: Oracle MySQL Server <= 5.7.39 / 8.0 <= 8.0.30 Security Update (cpuoct2022) -... (OID: 1.3.6.1.4.1.25623.1.0.118388) Version used: 2022-10-24T00:00:58Z ","","","DFN-CERT-2022-2323,DFN-CERT-2022-2315,DFN-CERT-2022-2306,DFN-CERT-2022-2150,DFN-CERT-2022-2073,DFN-CERT-2022-2072,DFN-CERT-2022-1905,DFN-CERT-2022-1646,DFN-CERT-2022-1536,DFN-CERT-2022-1521,DFN-CERT-2022-1520,DFN-CERT-2022-1515,DFN-CERT-2022-1497,WID-SEC-2022-1777,WID-SEC-2022-1776,WID-SEC-2022-1461,WID-SEC-2022-1245,WID-SEC-2022-1146,WID-SEC-2022-1068,WID-SEC-2022-1065,WID-SEC-2022-0561","" 192.168.21.102,server2102.example.com,135,tcp,5.0,Medium,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol: Port: 49664/tcp UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49664] Port: 49665/tcp UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49665] Annotation: Event log TCPIP Port: 49666/tcp UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: UserMgrCli UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: Proxy Manager provider server endpoint UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: IP Transition Configuration endpoint UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: IKE/Authip API UUID: b18fbab6-56f8-4702-84e0-41053293a869, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: UserMgrCli UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: Proxy Manager client server endpoint UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: Adh APIs UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49666] Annotation: Impl friendly name Port: 49667/tcp UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0 Endpoint: ncacn_ip_tcp:192.168.10.101[49667] Annotation: RemoteAccessCheck UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49667] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49667] Annotation: Ngc Pop Key Service UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49667] Annotation: Ngc Pop Key Service UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2 Endpoint: ncacn_ip_tcp:192.168.10.101[49667] Annotation: KeyIso Port: 49668/tcp UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49668] Annotation: Remote Fw APIs Port: 60330/tcp UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2 Endpoint: ncacn_ip_tcp:192.168.10.101[60330] Port: 60343/tcp UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[60343] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting. ",1.3.6.1.4.1.25623.1.0.10736,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this fact to gain more knowledge about the remote host.","Filter incoming traffic to this ports.","",""," Details: DCE/RPC and MSRPC Services Enumeration Reporting (OID: 1.3.6.1.4.1.25623.1.0.10736) Version used: 2022-06-03T00:00:07Z ","","","","" 192.168.10.101,server1001.example.com,3389,tcp,5.0,Medium,"Mitigation","SSL/TLS: Report Weak Cipher Suites","This routine reports all Weak SSL/TLS cipher suites accepted by a service. NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported. If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure cleartext communication.","'Weak' cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.1 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 'Weak' cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA ",1.3.6.1.4.1.25623.1.0.103440,"CVE-2013-2566,CVE-2015-2808,CVE-2015-4000",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","The configuration of this services should be changed so that it does not accept the listed weak cipher suites anymore. Please see the references for more resources supporting you with this task.","","These rules are applied for the evaluation of the cryptographic strength: - RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808) - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak (CVE-2015-4000) - 1024 bit RSA authentication is considered to be insecure and therefore as weak - Any cipher considered to be secure for only the next 10 years is considered as medium - Any other cipher is considered as strong"," Details: SSL/TLS: Report Weak Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.103440) Version used: 2021-12-01T00:00:37Z ","","","DFN-CERT-2021-0775,DFN-CERT-2020-1561,DFN-CERT-2020-1276,CB-K21/0067","" 192.168.10.101,server1001.example.com,135,tcp,5.0,Medium,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol: Port: 49664/tcp UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49664] Port: 49665/tcp UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[49665] Annotation: Event log TCPIP Port: 62367/tcp UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62367] UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62367] Port: 62368/tcp UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62368] Port: 62371/tcp UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0 Endpoint: ncacn_ip_tcp:192.168.10.101[62371] Annotation: RemoteAccessCheck UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62371] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62371] Annotation: Ngc Pop Key Service UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62371] Annotation: Ngc Pop Key Service UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2 Endpoint: ncacn_ip_tcp:192.168.10.101[62371] Annotation: KeyIso Port: 62410/tcp UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62410] Annotation: Remote Fw APIs Port: 62426/tcp UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1 Endpoint: ncacn_ip_tcp:192.168.10.101[62426] Named pipe : lsass Win32 service or process : lsass.exe Description : SAM access Port: 62435/tcp UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2 Endpoint: ncacn_ip_tcp:192.168.10.101[62435] Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting. ",1.3.6.1.4.1.25623.1.0.10736,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this fact to gain more knowledge about the remote host.","Filter incoming traffic to this ports.","",""," Details: DCE/RPC and MSRPC Services Enumeration Reporting (OID: 1.3.6.1.4.1.25623.1.0.10736) Version used: 2022-06-03T00:00:07Z ","","","","" 192.168.10.101,server1001.example.com,3306,tcp,4.6,Medium,"VendorFix","Oracle MySQL Server <= 5.7.39 / 8.0 <= 8.0.29 Security Update (cpuoct2022) - Windows","Oracle MySQL Server is prone to an information disclosure vulnerability.","Installed version: 5.7.38 Fixed version: 5.7.40 Installation path / port: 3306/tcp ",1.3.6.1.4.1.25623.1.0.118386,"CVE-2022-21592",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 5.7.40, 8.0.30 or later.","Oracle MySQL Server version 5.7.39 and prior and 8.0 through 8.0.29.","","Checks if a vulnerable version is present on the target host. Details: Oracle MySQL Server <= 5.7.39 / 8.0 <= 8.0.29 Security Update (cpuoct2022) -... (OID: 1.3.6.1.4.1.25623.1.0.118386) Version used: 2022-10-24T00:00:58Z ","","","DFN-CERT-2022-2306,WID-SEC-2022-1776","" 192.168.10.101,server1001.example.com,3306,tcp,4.6,Medium,"VendorFix","Oracle MySQL Server <= 5.7.39 / 8.0 <= 8.0.16 Security Update (cpuoct2022) - Windows","Oracle MySQL Server is prone to an information disclosure vulnerability.","Installed version: 5.7.38 Fixed version: 5.7.40 Installation path / port: 3306/tcp ",1.3.6.1.4.1.25623.1.0.118384,"CVE-2022-21589",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"","Update to version 5.7.40, 8.0.17 or later.","Oracle MySQL Server version 5.7.39 and prior and 8.0 through 8.0.16.","","Checks if a vulnerable version is present on the target host. Details: Oracle MySQL Server <= 5.7.39 / 8.0 <= 8.0.16 Security Update (cpuoct2022) -... (OID: 1.3.6.1.4.1.25623.1.0.118384) Version used: 2022-10-24T00:00:58Z ","","","DFN-CERT-2022-2306,WID-SEC-2022-1776","" 192.168.10.101,server1001.example.com,3306,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.10.101,server1001.example.com,8443,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.10.101,server1001.example.com,3389,tcp,4.3,Medium,"Mitigation","SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection","It was possible to detect the usage of the deprecated TLSv1.0 and/or TLSv1.1 protocol on this system.","In addition to TLSv1.2+ the service is also providing the deprecated TLSv1.0 and TLSv1.1 protocols and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 1.3.6.1.4.1.25623.1.0.802067) VT. ",1.3.6.1.4.1.25623.1.0.117274,"CVE-2011-3389,CVE-2015-0204",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection. Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.","It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.","All services providing an encrypted communication using the TLSv1.0 and/or TLSv1.1 protocols.","The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like: - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)","Check the used TLS protocols of the services provided by this system. Details: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.117274) Version used: 2021-07-19T00:00:48Z ","","","DFN-CERT-2020-0177,DFN-CERT-2020-0111,DFN-CERT-2019-0068,DFN-CERT-2018-1441,DFN-CERT-2018-1408","" 192.168.10.101,server1001.example.com,8443,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).","Server Temporary Key Size: 1024 bits ",1.3.6.1.4.1.25623.1.0.106223,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit or stronger Diffie-Hellman group (see the references). For Apache Web Servers: Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really powerful attackers like governments.","Checks the DHE temporary public key size. Details: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab... (OID: 1.3.6.1.4.1.25623.1.0.106223) Version used: 2021-02-12T00:00:15Z ","","","","" 192.168.10.101,server1001.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 2765387599 Packet 2: 2765388631 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","","" 192.168.20.103,server2003.example.com,8000,tcp,5.8,Medium,"Mitigation","HTTP Debugging Methods (TRACE/TRACK) Enabled","The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.","The web server has the following HTTP methods enabled: TRACE ",1.3.6.1.4.1.25623.1.0.11213,"CVE-2003-1567,CVE-2004-2320,CVE-2004-2763,CVE-2005-3398,CVE-2006-4683,CVE-2007-3008,CVE-2008-7253,CVE-2009-2823,CVE-2010-0386,CVE-2012-2223,CVE-2014-7883",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"An attacker may use this flaw to trick your legitimate web users to give him their credentials.","Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more information.","Web servers with enabled TRACE and/or TRACK methods.","It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.","Checks if HTTP methods such as TRACE and TRACK are enabled and can be used. Details: HTTP Debugging Methods (TRACE/TRACK) Enabled (OID: 1.3.6.1.4.1.25623.1.0.11213) Version used: 2022-05-12T00:00:01Z ","","","DFN-CERT-2021-1825","" 192.168.20.103,server2003.example.com,,,2.6,Low,"Mitigation","TCP timestamps","The remote host implements TCP timestamps and therefore allows to compute the uptime.","It was detected that the host implements RFC1323/RFC7323. The following timestamps were retrieved with a delay of 1 seconds in-between: Packet 1: 3731641997 Packet 2: 3731643072 ",1.3.6.1.4.1.25623.1.0.80091,"",00000000-0000-0000-0000-000000000000,"scan_task01",2023-01-01T00:00:00,00000000-0000-0000-0000-000000000000,"A side effect of this feature is that the uptime of the remote host can sometimes be computed.","To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported. Details: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091) Version used: 2020-08-24T00:00:10Z ","","","",""