· 7 years ago · Jan 30, 2019, 04:02 PM
IP,Hostname,Port,Port Protocol,CVSS,Severity,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","PHP _php_stream_scandir() Buffer Overflow Vulnerability (Windows)","This host is running PHP and is prone to buffer overflow
 vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.15/5.4.5",1.3.6.1.4.1.25623.1.0.803317,"CVE-2012-2688",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3d9ce125-cb84-4a9f-99e7-3e3d8b2f2c36,"Successful exploitation could allow attackers to execute arbitrary code
 and failed attempts will likely result in denial-of-service conditions.","Upgrade to PHP 5.4.5 or 5.3.15 or later.","PHP version before 5.3.15 and 5.4.x before 5.4.5","Flaw related to overflow in the _php_stream_scandir function in the
 stream implementation.","
Details:
PHP '_php_stream_scandir()' Buffer Overflow Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803317)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","54638","CB-K13/1037, CB-K13/0712, DFN-CERT-2013-2065, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2013-0357, DFN-CERT-2012-1655, DFN-CERT-2012-1654, DFN-CERT-2012-1560, DFN-CERT-2012-1541, DFN-CERT-2012-1505, DFN-CERT-2012-1504, DFN-CERT-2012-1503, DFN-CERT-2012-1499, DFN-CERT-2012-1422","http://www.php.net/ChangeLog-5.php, http://en.securitylab.ru/nvd/427456.php, http://secunia.com/advisories/cve_reference/CVE-2012-2688, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","Apache Web Server End Of Life Detection (Windows)","The Apache Web Server version on the remote host has reached the end of life and should
 not be used anymore.","The ""Apache Web Server"" version on the remote host has reached the end of life.

CPE: cpe:/a:apache:http_server:2.2.21
Installed version: 2.2.21
EOL version: 2.2
EOL date: 2017-12-31",1.3.6.1.4.1.25623.1.0.108135,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,5f3a04b9-8aab-48bd-a23d-2472c8eee847,"An end of life version of Apache Web Server is not receiving any security updates from the vendor. Unfixed security vulnerabilities
 might be leveraged by an attacker to compromise the security of this host.","Update the Apache Web Server version on the remote host to a still supported version.","","","Checks if a vulnerable version is present on the target host.
Details:
Apache Web Server End Of Life Detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108135)
Version used: $Revision: 11835 $
","Product: cpe:/a:apache:http_server:2.2.21
Method: Apache Web Server Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
","","","https://archive.apache.org/dist/httpd/Announcement1.3.html, https://archive.apache.org/dist/httpd/Announcement2.0.html, https://www.apache.org/dist/httpd/Announcement2.2.html, https://en.wikipedia.org/wiki/Apache_HTTP_Server#Versions"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","PHP Denial of Service And Unspecified Vulnerabilities - 01 - Jul16 (Windows)","This host is installed with PHP and is prone
 to denial of service and unspecified Vulnerabilities","Installed version: 5.3.10
Fixed version: 5.5.32",1.3.6.1.4.1.25623.1.0.808606,"CVE-2016-4342, CVE-2016-2554",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3c4798ec-9d43-4e55-8f60-44cf600ba776,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (heap memory corruption) or
 possibly have unspecified other impact.","Upgrade to PHP version 5.5.32,
 or 5.6.18, or 7.0.3, or later.","PHP versions prior to 5.5.32, 5.6.x
 before 5.6.18, and 7.x before 7.0.3 on Windows","The flaw is due an improper handling of zero-length
 uncompressed data in 'ext/phar/phar_object.c' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Denial of Service And Unspecified Vulnerabilities - 01 - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808606)
Version used: $Revision: 12363 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","89154, 83353","CB-K16/1776, CB-K16/0944, CB-K16/0912, CB-K16/0868, CB-K16/0779, CB-K16/0760, CB-K16/0623, CB-K16/0614, CB-K16/0405, DFN-CERT-2016-1882, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0924, DFN-CERT-2016-0835, DFN-CERT-2016-0814, DFN-CERT-2016-0676, DFN-CERT-2016-0659, DFN-CERT-2016-0441","http://www.php.net/ChangeLog-7.php, http://www.openwall.com/lists/oss-security/2016/04/28/2"
10.10.0.4,METASPLOITABLE3,8484,tcp,10.0,High,"VendorFix","Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities (Windows)","This host is installed with Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.154
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.108512,"CVE-2018-1000861, CVE-2018-1000862, CVE-2018-1000863, CVE-2018-1000864",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,cb142e4f-271b-42c5-b397-1dc77228eda4,"","Upgrade to Jenkins weekly to 2.154 or later / Jenkins LTS to either 2.138.4 or 2.150.1
 or later.","Jenkins LTS up to and including 2.138.3, Jenkins weekly up to and including 2.153.","Jenkins is prone to the following vulnerabilities:

 - Code execution through crafted URLs (CVE-2018-1000861).

 - Forced migration of user records (CVE-2018-1000863).

 - Workspace browser allowed accessing files outside the workspace (CVE-2018-1000862).

 - Potential denial of service through cron expression form validation (CVE-2018-1000864).","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108512)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2018-12-05/"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","PHP Multiple Vulnerabilities - 05 - Aug16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.4.42",1.3.6.1.4.1.25623.1.0.808674,"CVE-2015-4644, CVE-2015-4643, CVE-2015-4598, CVE-2015-4642",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a4056703-9544-4491-aad3-d4cbe1cd5f97,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service, to read or write to arbitrary
 files, also execute arbitrary code via a long reply to a LIST command, leading
 to a heap-based buffer overflow.","Upgrade to PHP version 5.4.42,
 or 5.5.26, or 5.6.10, or later.","PHP versions prior to 5.4.42, 5.5.x before
 5.5.26, and 5.6.x before 5.6.10 on Windows","The multiple flaws are due to,

 - Improper validation of token extraction for table names, in the
 php_pgsql_meta_data function in pgsql.c in the PostgreSQL extension.

 - Integer overflow in the ftp_genlist function in ext/ftp/ftp.c

 - PHP does not ensure that pathnames lack %00 sequences.

 - An error in 'escapeshellarg' function in 'ext/standard/exec.c'
 script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 05 - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808674)
Version used: $Revision: 12313 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","75291, 75292, 75244, 75290","CB-K16/0944, CB-K15/1261, CB-K15/1158, CB-K15/1031, CB-K15/0973, CB-K15/0966, CB-K15/0942, CB-K15/0936, CB-K15/0880, CB-K15/0854, DFN-CERT-2016-1004, DFN-CERT-2015-1335, DFN-CERT-2015-1217, DFN-CERT-2015-1083, DFN-CERT-2015-1021, DFN-CERT-2015-1017, DFN-CERT-2015-0989, DFN-CERT-2015-0983, DFN-CERT-2015-0926, DFN-CERT-2015-0900","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","PHP phar_fix_filepath Function Stack Buffer Overflow Vulnerability - Mar16 (Windows)","This host is installed with PHP and is prone
 to stack buffer overflow vulnerability.","Installed version: 5.3.10
Fixed version: 5.4.43",1.3.6.1.4.1.25623.1.0.807092,"CVE-2015-5590, CVE-2015-8838, CVE-2015-5589",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,095e49cd-b96c-4265-92da-375c9d9397bd,"Successfully exploiting this issue allow
 remote attackers to execute arbitrary code in the context of the PHP process.
 Failed exploit attempts will likely crash the webserver.","Upgrade to PHP version 5.4.43, or 5.5.27, or
 5.6.11 or later.","PHP versions before 5.4.43, 5.5.x before
 5.5.27, and 5.6.x before 5.6.11 on Windows","Multiple flaws are due to

 - Inadequate boundary checks on user-supplied input by 'phar_fix_filepath'
 function in 'ext/phar/phar.c' script.

 - Improper validation of file pointer in the 'phar_convert_to_other'
 function in 'ext/phar/phar_object.c' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'phar_fix_filepath' Function Stack Buffer Overflow Vulnerability - Mar16...
(OID: 1.3.6.1.4.1.25623.1.0.807092)
Version used: $Revision: 11922 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","75970, 88763, 75974","CB-K16/0944, CB-K16/0912, CB-K16/0623, CB-K16/0614, CB-K16/0422, CB-K15/1439, CB-K15/1261, CB-K15/1147, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0676, DFN-CERT-2016-0659, DFN-CERT-2016-0460, DFN-CERT-2015-1515, DFN-CERT-2015-1335, DFN-CERT-2015-1203","http://www.php.net/ChangeLog-5.php, https://bugs.php.net/bug.php?id=69923"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","PHP End Of Life Detection (Windows)","The PHP version on the remote host has reached the end of life and should
 not be used anymore.","The ""PHP"" version on the remote host has reached the end of life.

CPE: cpe:/a:php:php:5.3.10
Installed version: 5.3.10
EOL version: 5.3
EOL date: 2014-08-14",1.3.6.1.4.1.25623.1.0.105888,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,d778a978-42e0-4f70-bbbb-c1cd9e7f6978,"An end of life version of PHP is not receiving any security updates from the vendor. Unfixed security vulnerabilities
 might be leveraged by an attacker to compromise the security of this host.","Update the PHP version on the remote host to a still supported version.","","Each release branch of PHP is fully supported for two years from its initial stable release.
 During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.

 After this two year period of active support, each branch is then supported for an additional year for critical security
 issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none,
 depending on the number of reports.

 Once the three years of support are completed, the branch reaches its end of life and is no longer supported.","Checks if a vulnerable version is present on the target host.
Details:
PHP End Of Life Detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.105888)
Version used: $Revision: 12363 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","","https://secure.php.net/supported-versions.php, https://secure.php.net/eol.php"
10.10.0.4,METASPLOITABLE3,8383,tcp,10.0,High,"VendorFix","ManageEngine Desktop Central Remote Control Privilege Violation Vulnerability","Zoho ManageEngine Desktop Central allows remote attackers to obtain control
over all connected active desktops via unspecified vectors.","Installed version: 91084
Fixed version: 100082",1.3.6.1.4.1.25623.1.0.106809,"CVE-2017-7213",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9bc11030-cce0-4064-8040-3b5f0a28c158,"","Upgrade to build 100082 or later.","ManageEngine Desktop Central before build 100082.","","Checks if a vulnerable version is present on the target host.
Details:
ManageEngine Desktop Central Remote Control Privilege Violation Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.106809)
Version used: $Revision: 12106 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html"
10.10.0.4,METASPLOITABLE3,8022,tcp,10.0,High,"VendorFix","ManageEngine Desktop Central Remote Control Privilege Violation Vulnerability","Zoho ManageEngine Desktop Central allows remote attackers to obtain control
over all connected active desktops via unspecified vectors.","Installed version: 91084
Fixed version: 100082",1.3.6.1.4.1.25623.1.0.106809,"CVE-2017-7213",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,90d53d38-bca9-43ec-a8a5-fe8b1b887696,"","Upgrade to build 100082 or later.","ManageEngine Desktop Central before build 100082.","","Checks if a vulnerable version is present on the target host.
Details:
ManageEngine Desktop Central Remote Control Privilege Violation Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.106809)
Version used: $Revision: 12106 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html"
10.10.0.4,METASPLOITABLE3,8020,tcp,10.0,High,"VendorFix","ManageEngine Desktop Central Remote Control Privilege Violation Vulnerability","Zoho ManageEngine Desktop Central allows remote attackers to obtain control
over all connected active desktops via unspecified vectors.","Installed version: 91084
Fixed version: 100082",1.3.6.1.4.1.25623.1.0.106809,"CVE-2017-7213",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,540022ab-af6b-48aa-971b-436a509532a3,"","Upgrade to build 100082 or later.","ManageEngine Desktop Central before build 100082.","","Checks if a vulnerable version is present on the target host.
Details:
ManageEngine Desktop Central Remote Control Privilege Violation Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.106809)
Version used: $Revision: 12106 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com/products/desktop-central/cve-2017-7213-remote-control-privilege-violation.html"
10.10.0.4,METASPLOITABLE3,8484,tcp,10.0,High,"VendorFix","CloudBees Jenkins Multiple Vulnerabilities-02-May16 (Windows)","This host is installed with CloudBees
 Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 1.642.2",1.3.6.1.4.1.25623.1.0.807331,"CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,66f865f0-a09c-4383-96b2-f7cb60567b0f,"Successful exploitation will allow remote
 attackers to obtain sensitive information, bypass the protection mechanism,
 gain elevated privileges, bypass intended access restrictions and execute
 arbitrary code.","Upgrade to CloudBees Jenkins LTS 1.642.2 or
 later.","CloudBees Jenkins LTS before 1.642.2 on Windows","Multiple flaws are due to,

 - The verification of user-provided API tokens with the expected value did
 not use a constant-time comparison algorithm, potentially allowing
 attackers to use statistical methods to determine valid API tokens using
 brute-force methods.

 - The verification of user-provided CSRF crumbs with the expected value did
 not use a constant-time comparison algorithm, potentially allowing attackers
 to use statistical methods to determine valid CSRF crumbs using brute-force
 methods.

 - The Jenkins has several API endpoints that allow low-privilege users to POST
 XML files that then get deserialized by Jenkins. Maliciously crafted XML
 files sent to these API endpoints could result in arbitrary code execution.

 - An HTTP response splitting vulnerability in the CLI command documentation
 allowed attackers to craft Jenkins URLs that serve malicious content.

 - The Jenkins remoting module allowed unauthenticated remote attackers to open
 a JRMP listener on the server hosting the Jenkins master process, which
 allowed arbitrary code execution.","Checks if a vulnerable version is present on the target host.
Details:
CloudBees Jenkins Multiple Vulnerabilities-02-May16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807331)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","CB-K16/1303, CB-K16/0311, DFN-CERT-2016-1386, DFN-CERT-2016-0338","https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24, https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"VendorFix","PHP type confusion Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.7",1.3.6.1.4.1.25623.1.0.808672,"CVE-2015-4601",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,119cd708-9453-42c4-9745-eb111abd6878,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service.","Upgrade to PHP version 5.6.7
 or later.","PHP versions prior to 5.6.7 on Windows","The flaw is due to 'type confusion' issues in
 'ext/soap/php_encoding.c', 'ext/soap/php_http.c', and 'ext/soap/soap.c' scripts.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'type confusion' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808672)
Version used: $Revision: 12431 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","75246","CB-K16/0944, CB-K15/1158, CB-K15/1031, CB-K15/0966, CB-K15/0942, CB-K15/0936, CB-K15/0854, DFN-CERT-2016-1004, DFN-CERT-2015-1217, DFN-CERT-2015-1083, DFN-CERT-2015-1017, DFN-CERT-2015-0989, DFN-CERT-2015-0983, DFN-CERT-2015-0900","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,9200,tcp,10.0,High,"VendorFix","Elasticsearch End of Life Detection","The script checks if the target host runs End of Life software. End of Life software doesn't receive any more updates and is highly prone to zero-day vulnerabilities.","The ""Elasticsearch"" version on the remote host has reached the end of life.

CPE: cpe:/a:elasticsearch:elasticsearch:1.1.1
Installed version: 1.1.1
EOL version: 1.1
EOL date: 2015-09-25",1.3.6.1.4.1.25623.1.0.113131,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2a26a54f-ef8a-4443-85aa-6195b0ea8376,"","Update Elasticsearch to a version that still receives technical support and updates.","","","
Details:
Elasticsearch End of Life Detection
(OID: 1.3.6.1.4.1.25623.1.0.113131)
Version used: $Revision: 12045 $
","Product: cpe:/a:elasticsearch:elasticsearch:1.1.1
Method: Elasticsearch and Logstash Detection
(OID: 1.3.6.1.4.1.25623.1.0.105031)
","","","https://www.elastic.co/support/eol"
10.10.0.4,METASPLOITABLE3,8282,tcp,10.0,High,"VendorFix","Apache Tomcat End Of Life Detection (Windows)","The Apache Tomcat version on the remote host has reached the end of life and should
 not be used anymore.","The ""Apache Tomcat"" version on the remote host has reached the end of life.

CPE: cpe:/a:apache:tomcat:8.0.33
Installed version: 8.0.33
EOL version: 8.0
EOL date: 2018-06-30",1.3.6.1.4.1.25623.1.0.108134,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,42e9f7be-4695-4574-a332-0baf26bee238,"An end of life version of Apache Tomcat is not receiving any security updates from the vendor. Unfixed security vulnerabilities
 might be leveraged by an attacker to compromise the security of this host.","Update the Apache Tomcat version on the remote host to a still supported version.","","","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat End Of Life Detection (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108134)
Version used: $Revision: 11874 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","","","https://tomcat.apache.org/tomcat-80-eol.html, https://tomcat.apache.org/tomcat-60-eol.html, https://tomcat.apache.org/tomcat-55-eol.html, https://en.wikipedia.org/wiki/Apache_Tomcat#Releases, https://tomcat.apache.org/whichversion.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,10.0,High,"WillNotFix","PHP com_print_typeinfo() Remote Code Execution Vulnerability (Windows)","This host is installed with PHP and is prone to remote code
 execution vulnerability.","Installed version: 5.3.10
Fixed version: N/A",1.3.6.1.4.1.25623.1.0.902836,"CVE-2012-2376",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a539584b-c1ae-4162-a4d8-811971e29489,"Successful exploitation could allow remote attackers to execute
 arbitrary code in the context of a webserver. Failed attempts will likely result
 in denial of service conditions.","No known solution was made available for at least one year
 since the disclosure of this vulnerability. Likely none will be provided anymore.
 General solution options are to upgrade to a newer release, disable respective
 features, remove the product or replace the product by another one.","PHP Version 5.4.3 and prior on Windows","The flaw is due to an error in the 'com_print_typeinfo()' function,
 which allows remote attackers to execute arbitrary code via crafted arguments
 that trigger incorrect handling of COM object VARIANT types.","
Details:
PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.902836)
Version used: $Revision: 11357 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","53621","","http://www.securityfocus.com/bid/53621, http://www.exploit-db.com/exploits/18861, http://isc.sans.edu/diary.html?storyid=13255, https://bugzilla.redhat.com/show_bug.cgi?id=823464, http://openwall.com/lists/oss-security/2012/05/20/2, http://packetstormsecurity.org/files/112851/php54-exec.txt"
10.10.0.4,METASPLOITABLE3,8383,tcp,10.0,High,"VendorFix","ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability","ManageEngine Desktop Central 9 suffers from a vulnerability that allows a remote attacker to upload a malicious file, and execute it under the context of SYSTEM.","It was possible to upload the file `https://10.10.0.4:8383/jspf/OpenVAS-VT_CVE-2015-8249_test.jsp`. Please delete this file.",1.3.6.1.4.1.25623.1.0.140041,"CVE-2015-8249",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,5a2239df-d22a-49c1-b132-9ff271def47e,"Successful exploitation will allow an attacker to gain arbitrary code
 execution on the server.","Update to ManageEngine Desktop Central 9, build 90142 or newer.","ManageEngine Desktop Central 9 < build 90142","","Try to upload a jsp file
Details:
ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.140041)
Version used: $Revision: 11523 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","",""
10.10.0.4,METASPLOITABLE3,8022,tcp,10.0,High,"VendorFix","ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability","ManageEngine Desktop Central 9 suffers from a vulnerability that allows a remote attacker to upload a malicious file, and execute it under the context of SYSTEM.","It was possible to upload the file `http://10.10.0.4:8022/jspf/OpenVAS-VT_CVE-2015-8249_test.jsp`. Please delete this file.",1.3.6.1.4.1.25623.1.0.140041,"CVE-2015-8249",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,047e437f-2e08-4c89-bb77-347b13b1e586,"Successful exploitation will allow an attacker to gain arbitrary code
 execution on the server.","Update to ManageEngine Desktop Central 9, build 90142 or newer.","ManageEngine Desktop Central 9 < build 90142","","Try to upload a jsp file
Details:
ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.140041)
Version used: $Revision: 11523 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","",""
10.10.0.4,METASPLOITABLE3,8020,tcp,10.0,High,"VendorFix","ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability","ManageEngine Desktop Central 9 suffers from a vulnerability that allows a remote attacker to upload a malicious file, and execute it under the context of SYSTEM.","It was possible to upload the file `http://10.10.0.4:8020/jspf/OpenVAS-VT_CVE-2015-8249_test.jsp`. Please delete this file.",1.3.6.1.4.1.25623.1.0.140041,"CVE-2015-8249",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7fc44969-4df7-42e9-8aac-6359805aad21,"Successful exploitation will allow an attacker to gain arbitrary code
 execution on the server.","Update to ManageEngine Desktop Central 9, build 90142 or newer.","ManageEngine Desktop Central 9 < build 90142","","Try to upload a jsp file
Details:
ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.140041)
Version used: $Revision: 11523 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","",""
10.10.0.4,METASPLOITABLE3,8282,tcp,10.0,High,"Mitigation","Apache Axis2 axis2-admin default credentials","The remote Apache Axi2 web interface is prone to a default account
 authentication bypass vulnerability.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.111006,"CVE-2010-0219",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,72ec5c12-10fb-4a1a-8199-7cd02df626fe,"This issue may be exploited by a remote attacker to gain
 access to sensitive information, modify system configuration or execute code by uploading
 malicious webservices.","Change the password.","","It was possible to login with default credentials: admin/axis2","Try to login with default credentials.
Details:
Apache Axis2 axis2-admin default credentials
(OID: 1.3.6.1.4.1.25623.1.0.111006)
Version used: $Revision: 11872 $
","Product: cpe:/a:apache:axis2:1.6.0
Method: Apache Axis2 Detection
(OID: 1.3.6.1.4.1.25623.1.0.100813)
","44055","","https://www.securityfocus.com/bid/44055, http://ws.apache.org/axis2/, http://www.exploit-db.com/exploits/15869"
10.10.0.4,METASPLOITABLE3,8484,tcp,10.0,High,"Mitigation","Jenkins CI Groovy Console accessible","The script sends a HTTP request to the
 server and checks if the Groovy Console is unprotected.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.111002,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,0d4bbb63-d8bd-4370-b565-bd459608c586,"The Groovy Console allows an attacker to execute
 operating system commands with the permissions of the user running the service.","Protect the access to the Groovy Console by
 configuring user accounts. Please see the reference for more information.","","","Connect to port 8080 and check the response.
Details:
Jenkins CI Groovy Console accessible
(OID: 1.3.6.1.4.1.25623.1.0.111002)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins"
10.10.0.4,METASPLOITABLE3,445,tcp,9.3,High,"VendorFix","Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)","This host is missing a critical security
 update according to Microsoft Bulletin MS17-010.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.810676,"CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4764d30f-638d-4c45-9c25-4c6e93498fdd,"Successful exploitation will allow remote
 attackers to gain the ability to execute code on the target server, also
 could lead to information disclosure from the server.","Run Windows Update and update the
 listed hotfixes or download and update mentioned hotfixes in the advisory","Microsoft Windows 10 x32/x64 Edition
 Microsoft Windows Server 2012 Edition
 Microsoft Windows Server 2016
 Microsoft Windows 8.1 x32/x64 Edition
 Microsoft Windows Server 2012 R2 Edition
 Microsoft Windows 7 x32/x64 Edition Service Pack 1
 Microsoft Windows Vista x32/x64 Edition Service Pack 2
 Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1
 Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2","Multiple flaws exist due to the way that the
 Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests.","Send the crafted SMB transaction request
 with fid = 0 and check the response to confirm the vulnerability.
Details:
Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
(OID: 1.3.6.1.4.1.25623.1.0.810676)
Version used: $Revision: 11874 $
","","96703, 96704, 96705, 96707, 96709, 96706","CB-K17/0435, DFN-CERT-2017-0448","https://support.microsoft.com/en-in/kb/4013078, https://technet.microsoft.com/library/security/MS17-010, https://github.com/rapid7/metasploit-framework/pull/8167/files"
10.10.0.4,METASPLOITABLE3,8484,tcp,9.0,High,"VendorFix","Jenkins Multiple Vulnerabilities Oct 17 (Windows)","This host is installed with Jenkins and is prone to
 multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.73.2",1.3.6.1.4.1.25623.1.0.112107,"CVE-2017-1000393, CVE-2017-1000394, CVE-2017-1000395, CVE-2017-1000396, CVE-2017-1000398, CVE-2017-1000399, CVE-2017-1000400, CVE-2017-1000401, CVE-2012-6153",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9b5f1139-7b34-4b00-9415-55ba1c30e8c7,"Successful exploitation will allow remote attackers to obtain sensitive information,
 and execute arbitrary code.","Upgrade to Jenkins weekly to 2.84 or later / Jenkins LTS to 2.73.2 or
 later.","Jenkins LTS 2.73.1 and prior, Jenkins weekly up to and including 2.83.","Multiple flaws are due to:

 - arbitrary shell command execution

 - bundling vulnerable libraries

 - disclosing various information

 - sending form validation for passwords via GET","Checks if a vulnerable version is present on the target host.
Details:
Jenkins Multiple Vulnerabilities Oct 17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112107)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","CB-K15/1508, CB-K15/1506, CB-K15/0678, CB-K15/0391, CB-K15/0330, CB-K15/0186, CB-K15/0148, CB-K14/1598, CB-K14/1485, CB-K14/1035, DFN-CERT-2015-1595, DFN-CERT-2015-1576, DFN-CERT-2015-0712, DFN-CERT-2015-0403, DFN-CERT-2015-0342, DFN-CERT-2015-0191, DFN-CERT-2015-0152, DFN-CERT-2014-1693, DFN-CERT-2014-1572, DFN-CERT-2014-1078","https://jenkins.io/security/advisory/2017-10-11/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8484,tcp,8.3,High,"VendorFix","Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities (Windows)","Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.160
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.112495,"CVE-2019-1003003, CVE-2019-1003004",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,06dea8c2-edff-46dd-931c-4c179b0635d3,"","Upgrade Jenkins weekly to 2.160 or later / Jenkins LTS to 2.150.2
 or later.","Jenkins LTS through 2.150.1, Jenkins weekly through 2.159.","Jenkins is prone to the following vulnerabilities:

 - Administrators could persist access to Jenkins using crafted 'Remember me' cookie (CVE-2019-1003003).

 - Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie (CVE-2019-1003004).","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.160 and < 2.150.2 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112495)
Version used: $Revision: 13260 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2019-01-16/"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.8,High,"VendorFix","PHP Denial of Service Vulnerability Jul17 (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.31",1.3.6.1.4.1.25623.1.0.811486,"CVE-2017-11142",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3f55578b-d144-408e-a02d-199d8f2a2f5b,"Successfully exploiting this issue allow
 an attacker to cause a CPU consumption denial of service attack.","Upgrade to PHP version 5.6.31, 7.0.17,
 7.1.3 or later.","PHP versions before 5.6.31, 7.x before 7.0.17,
 and 7.1.x before 7.1.3","The flaw exists due to improper handling of long
 form variables in main/php_variables.c script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Denial of Service Vulnerability Jul17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811486)
Version used: $Revision: 11874 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K18/0048, CB-K17/1461, CB-K17/1132, DFN-CERT-2018-0055, DFN-CERT-2017-1529, DFN-CERT-2017-1161","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,22,tcp,7.8,High,"VendorFix","OpenSSH Denial of Service And User Enumeration Vulnerabilities (Windows)","This host is installed with openssh and
 is prone to denial of service and user enumeration vulnerabilities.","Installed version: 7.1
Fixed version: 7.3",1.3.6.1.4.1.25623.1.0.809121,"CVE-2016-6515, CVE-2016-6210",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,8e74d417-634a-46ef-8464-625d7d3881b4,"Successfully exploiting this issue allows
 remote attackers to cause a denial of service (crypt CPU consumption) and
 to enumerate users by leveraging the timing difference between responses
 when a large password is provided.","Upgrade to OpenSSH version 7.3 or later.","OpenSSH versions before 7.3 on Windows","Multiple flaws exist due to,

 - The auth_password function in 'auth-passwd.c' script does not limit password
 lengths for password authentication.

 - The sshd in OpenSSH, when SHA256 or SHA512 are used for user password hashing
 uses BLOWFISH hashing on a static password when the username does not exist
 and it takes much longer to calculate SHA256/SHA512 hash than BLOWFISH hash.","Checks if a vulnerable version is present on the target host.
Details:
OpenSSH Denial of Service And User Enumeration Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Version used: $Revision: 11969 $
","Product: cpe:/a:openbsd:openssh:7.1
Method: SSH Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10267)
","92212","CB-K18/0041, CB-K17/2219, CB-K17/2112, CB-K17/1753, CB-K17/1349, CB-K17/1292, CB-K17/0055, CB-K16/1837, CB-K16/1629, CB-K16/1487, CB-K16/1485, CB-K16/1252, CB-K16/1221, CB-K16/1082, DFN-CERT-2018-1828, DFN-CERT-2018-1070, DFN-CERT-2018-0046, DFN-CERT-2017-2320, DFN-CERT-2017-2208, DFN-CERT-2017-1831, DFN-CERT-2017-1407, DFN-CERT-2017-1340, DFN-CERT-2017-0060, DFN-CERT-2016-1943, DFN-CERT-2016-1729, DFN-CERT-2016-1576, DFN-CERT-2016-1574, DFN-CERT-2016-1331, DFN-CERT-2016-1243, DFN-CERT-2016-1149","http://www.openssh.com/txt/release-7.3, http://seclists.org/fulldisclosure/2016/Jul/51, https://security-tracker.debian.org/tracker/CVE-2016-6210, http://openwall.com/lists/oss-security/2016/08/01/2"
10.10.0.4,METASPLOITABLE3,8282,tcp,7.8,High,"VendorFix","Apache Tomcat MultipartStream Class Denial of Service Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone denial of service vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.36",1.3.6.1.4.1.25623.1.0.808197,"CVE-2016-3092",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b38d65d3-e08b-4a5c-a1b3-dec4f6d30a80,"Successful exploitation will allows remote
 attackers to cause a denial of service (CPU consumption).","Upgrade to version 7.0.70, or 8.0.36,
 or 8.5.3, or 9.0.0.M7, or later.","Apache Tomcat 7.x before 7.0.70, 8.0.0.RC1 before 8.0.36,
 8.5.x before 8.5.3, and 9.0.0.M1 before 9.0.0.M7 on Windows","The flaw is due to an error in the
 'MultipartStream' class in Apache Commons Fileupload when processing
 multi-part requests.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat 'MultipartStream' Class Denial of Service Vulnerability (Windo...
(OID: 1.3.6.1.4.1.25623.1.0.808197)
Version used: $Revision: 12431 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","91453","CB-K18/0605, CB-K17/1750, CB-K17/1198, CB-K17/1060, CB-K17/0657, CB-K17/0397, CB-K16/1993, CB-K16/1799, CB-K16/1758, CB-K16/1322, CB-K16/1002, CB-K16/0993, DFN-CERT-2018-2554, DFN-CERT-2018-0729, DFN-CERT-2017-1821, DFN-CERT-2017-1236, DFN-CERT-2017-1095, DFN-CERT-2017-0675, DFN-CERT-2017-0404, DFN-CERT-2016-2104, DFN-CERT-2016-1905, DFN-CERT-2016-1823, DFN-CERT-2016-1407, DFN-CERT-2016-1068, DFN-CERT-2016-1059","http://tomcat.apache.org/security-7.html, http://tomcat.apache.org/security-8.html, http://tomcat.apache.org/security-9.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","WordPress Multiple Vulnerabilities - Sep 2017 (Windows)","This host is running WordPress and is prone
 to multiple vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.8.2",1.3.6.1.4.1.25623.1.0.811783,"CVE-2017-14723",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9fd59c48-aaaa-4d2a-9ece-f1f6c72f7da0,"Successful exploitation will allow remote
 attackers to conduct cross site scripting, SQL injection, directory traversal
 and open redirect attacks.","Upgrade to WordPress version 4.8.2 or later.","WordPress versions 4.8.1 and earlier","Multiple flaws exists due to,

 - '$wpdb->prepare' can create unexpected and unsafe queries.

 - An unspecified error in the customizer.

 - Multiple other unspecified errors.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Multiple Vulnerabilities - Sep 2017 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811783)
Version used: $Revision: 11983 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K17/1722, DFN-CERT-2017-1802","https://codex.wordpress.org/Version_4.8.2, https://wordpress.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Denial of Service Vulnerabilities - 02 - Jan17 (Windows)","This host is installed with PHP and is prone
 to multiple denial of service vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.30",1.3.6.1.4.1.25623.1.0.108055,"CVE-2016-10159, CVE-2016-10160",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,78a6814d-5e88-497b-9271-7bf2deb470ec,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (memory consumption or application crash).","Upgrade to PHP version 5.6.30, 7.0.15 or later.","PHP versions before 5.6.30 and 7.0.x before 7.0.15","Multiple flaws are due to

 - A integer overflow in the phar_parse_pharfile function in ext/phar/phar.c
 via a truncated manifest entry in a PHAR archive.

 - A off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c
 via a crafted PHAR archive with an alias mismatch.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Denial of Service Vulnerabilities - 02 - Jan17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108055)
Version used: $Revision: 11874 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K17/0527, CB-K17/0327, CB-K17/0318, CB-K17/0269, CB-K17/0141, DFN-CERT-2018-0835, DFN-CERT-2017-0532, DFN-CERT-2017-0334, DFN-CERT-2017-0325, DFN-CERT-2017-0274, DFN-CERT-2017-0144","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,22,tcp,7.5,High,"VendorFix","OpenSSH Multiple Vulnerabilities Jan17 (Windows)","This host is installed with openssh and
 is prone to multiple vulnerabilities.","Installed version: 7.1
Fixed version: 7.4",1.3.6.1.4.1.25623.1.0.810325,"CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b7acd719-31d2-456d-bf93-9018fd1e61e5,"Successfully exploiting this issue allows
 local users to obtain sensitive private-key information, to gain privileges,
 conduct a senial-of-service condition and allows remote attackers to execute
 arbitrary local PKCS#11 modules.","Upgrade to OpenSSH version 7.4 or later.","OpenSSH versions before 7.4 on Windows.","Multiple flaws exists due to,

 - An 'authfile.c' script does not properly consider the effects of realloc
 on buffer contents.

 - The shared memory manager (associated with pre-authentication compression)
 does not ensure that a bounds check is enforced by all compilers.

 - The sshd in OpenSSH creates forwarded Unix-domain sockets as root, when
 privilege separation is not used.

 - An untrusted search path vulnerability in ssh-agent.c in ssh-agent.

 - NULL pointer dereference error due to an out-of-sequence NEWKEYS message.","Checks if a vulnerable version is present on the target host.
Details:
OpenSSH Multiple Vulnerabilities Jan17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.810325)
Version used: $Revision: 12467 $
","Product: cpe:/a:openbsd:openssh:7.1
Method: SSH Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10267)
","94968, 94972, 94977, 94975","CB-K18/0919, CB-K18/0591, CB-K18/0137, CB-K18/0041, CB-K17/2219, CB-K17/2112, CB-K17/1292, CB-K17/1061, CB-K17/0527, CB-K17/0377, CB-K17/0127, CB-K17/0041, CB-K16/1991, DFN-CERT-2018-2259, DFN-CERT-2018-2191, DFN-CERT-2018-2068, DFN-CERT-2018-1828, DFN-CERT-2018-1568, DFN-CERT-2018-1432, DFN-CERT-2018-1112, DFN-CERT-2018-1070, DFN-CERT-2018-1068, DFN-CERT-2018-0150, DFN-CERT-2018-0046, DFN-CERT-2017-2320, DFN-CERT-2017-2208, DFN-CERT-2017-1340, DFN-CERT-2017-1096, DFN-CERT-2017-0532, DFN-CERT-2017-0386, DFN-CERT-2017-0130, DFN-CERT-2017-0042, DFN-CERT-2016-2099","http://www.openssh.com, https://www.openssh.com/txt/release-7.4, http://www.openwall.com/lists/oss-security/2016/12/19/2, http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html, https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
10.10.0.4,METASPLOITABLE3,3000,tcp,7.5,High,"VendorFix","Ruby on Rails Action Pack Remote Code Execution Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to remote code execution vulnerability.","Installed version: 4.1.1
Fixed version: 4.1.14.2",1.3.6.1.4.1.25623.1.0.809352,"CVE-2016-2098",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c25daf04-c204-4ab4-a137-fb1ca1f3a9f8,"Successful exploitation will allow a remote
 attacker to control the arguments of the render method in a controller or a view,
 resulting in the possibility of executing arbitrary ruby code.","Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2 or
 4.2.5.2 or later.","Ruby on Rails before 3.2.22.2,
 Ruby on Rails 4.x before 4.1.14.2 and
 Ruby on Rails 4.2.x before 4.2.5.2 on Windows.","The flaw is due to an improper sanitization of
 user supplied inputs to the 'render' method in a controller or view by
 'Action Pack'.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Action Pack Remote Code Execution Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809352)
Version used: $Revision: 12455 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","83725","CB-K17/1730, CB-K16/0625, CB-K16/0522, CB-K16/0426, CB-K16/0419, CB-K16/0372, DFN-CERT-2017-1809, DFN-CERT-2016-0674, DFN-CERT-2016-0566, DFN-CERT-2016-0468, DFN-CERT-2016-0458, DFN-CERT-2016-0404","https://www.debian.org/security/2016/dsa-3509, https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Stack Buffer Overflow Vulnerability Mar18 (Windows)","The host is installed with php and is prone
 to stack buffer overflow vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.34
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.812820,"CVE-2018-7584",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,61447a18-a11f-4a77-ad7f-9333b8e75468,"Successful exploitation will allow an attacker
 to execute arbitrary code in the context of the affected application. Failed
 exploit attempts will result in denial-of-service conditions.","Upgrade to version 7.2.3, 7.0.28,
 5.6.34, 7.1.15 or later.","PHP versions 7.2.x prior to 7.2.3,

 PHP versions 7.0.x prior to 7.0.28,

 PHP versions 5.0.x prior to 5.6.34 and

 PHP versions 7.1.x prior to 7.1.15 on Windows.","The flaw exists because php fails to
 adequately bounds-check user-supplied data before copying it into an
 insufficiently sized buffer.","Checks if a vulnerable version is present on the target host.
Details:
PHP Stack Buffer Overflow Vulnerability Mar18 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812820)
Version used: $Revision: 12391 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","103204","CB-K18/0698, CB-K18/0498, CB-K18/0383, DFN-CERT-2018-1232, DFN-CERT-2018-1059, DFN-CERT-2018-0733, DFN-CERT-2018-0576, DFN-CERT-2018-0537, DFN-CERT-2018-0399","http://php.net/ChangeLog-7.php, https://bugs.php.net/bug.php?id=75981, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8484,tcp,7.5,High,"VendorFix","CloudBees Jenkins Multiple Vulnerability Feb17 - 01 - (Windows)","This host is installed with CloudBees Jenkins and is prone to
 multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.32.2",1.3.6.1.4.1.25623.1.0.108096,"CVE-2011-4969, CVE-2015-0886, CVE-2017-2598, CVE-2017-2599, CVE-2017-2600, CVE-2017-2601, CVE-2017-2602, CVE-2017-2603, CVE-2017-2604, CVE-2017-2605, CVE-2017-2606, CVE-2017-2607, CVE-2017-2608, CVE-2017-2609, CVE-2017-2610, CVE-2017-2611, CVE-2017-2612, CVE-2017-2613, CVE-2017-1000362",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4617ee91-30a7-45d8-9a99-7a9caeac1a7f,"Successful exploitation will allow remote attackers to obtain sensitive information,
 to bypass intended access restrictions and execute arbitrary code.","Upgrade to CloudBees Jenkins main line to 2.44 or later / Jenkins LTS to 2.32.2 or
 later.","CloudBees Jenkins LTS 2.32.1 and prior, Jenkins main line 2.43 and prior.","Multiple flaws are due to,

 - cross-site scripting vulnerabilities

 - the usage ouf outdated libraries

 - insufficient access permission verifications / checks

 - a remote code execution vulnerability

 - a information disclosure vulnerability","Checks if a vulnerable version is present on the target host.
Details:
CloudBees Jenkins Multiple Vulnerability Feb17 - 01 - (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108096)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","CB-K17/0195, CB-K15/0272, DFN-CERT-2017-0199, DFN-CERT-2016-0890, DFN-CERT-2015-0283","https://jenkins.io/security/advisory/2017-02-01/, https://www.cloudbees.com/cloudbees-security-advisory-2017-02-01"
10.10.0.4,METASPLOITABLE3,8383,tcp,7.5,High,"VendorFix","ManageEngine Desktop Central RCE Vulnerability","Zoho ManageEngine Desktop Central allows remote attackers to execute
arbitrary code via vectors involving the upload of help desk videos.","Installed version: 91084
Fixed version: 100092",1.3.6.1.4.1.25623.1.0.106969,"CVE-2017-11346",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,d774d692-0bd0-47a2-9674-658c2dc37591,"","Upgrade to build 100092 or later.","ManageEngine Desktop Central before build 100092.","","Checks if a vulnerable version is present on the target host.
Details:
ManageEngine Desktop Central RCE Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.106969)
Version used: $Revision: 12106 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com/products/desktop-central/remote-code-execution.html"
10.10.0.4,METASPLOITABLE3,8022,tcp,7.5,High,"VendorFix","ManageEngine Desktop Central RCE Vulnerability","Zoho ManageEngine Desktop Central allows remote attackers to execute
arbitrary code via vectors involving the upload of help desk videos.","Installed version: 91084
Fixed version: 100092",1.3.6.1.4.1.25623.1.0.106969,"CVE-2017-11346",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,62b5e51b-acf2-4fa2-9c0f-6e1139a383c8,"","Upgrade to build 100092 or later.","ManageEngine Desktop Central before build 100092.","","Checks if a vulnerable version is present on the target host.
Details:
ManageEngine Desktop Central RCE Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.106969)
Version used: $Revision: 12106 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com/products/desktop-central/remote-code-execution.html"
10.10.0.4,METASPLOITABLE3,8020,tcp,7.5,High,"VendorFix","ManageEngine Desktop Central RCE Vulnerability","Zoho ManageEngine Desktop Central allows remote attackers to execute
arbitrary code via vectors involving the upload of help desk videos.","Installed version: 91084
Fixed version: 100092",1.3.6.1.4.1.25623.1.0.106969,"CVE-2017-11346",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,971fc629-9278-49e4-be5e-3e920be24593,"","Upgrade to build 100092 or later.","ManageEngine Desktop Central before build 100092.","","Checks if a vulnerable version is present on the target host.
Details:
ManageEngine Desktop Central RCE Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.106969)
Version used: $Revision: 12106 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com/products/desktop-central/remote-code-execution.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Directory Traversal Vulnerability - Jul16 (Windows)","This host is installed with PHP and is prone
 to Directory traversal vulnerability.","Installed version: 5.3.10
Fixed version: 5.4.45",1.3.6.1.4.1.25623.1.0.808616,"CVE-2014-9767, CVE-2015-6834, CVE-2015-6835, CVE-2015-6837, CVE-2015-6838",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,327ef02a-b65a-4735-a4c0-6450f43b4d0f,"Successfully exploiting this issue allow remote
 attackers to read arbitrary empty directories, also to cause a denial of service.","Upgrade to PHP version 5.4.45, or 5.5.29,
 or 5.6.13, or later.","PHP versions prior to 5.4.45, 5.5.x before
 5.5.29, and 5.6.x before 5.6.13 on Windows","Multiple flaws are due to

 - An error in the 'ZipArchive::extractTo' function in
 'ext/zip/php_zip.c' script.

 - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2
 is used, does not consider the possibility of a NULL valuePop return value
 before proceeding with a free operation after the principal argument loop.

 - Improper handling of multiple php_var_unserialize calls.

 - Multiple use-after-free vulnerabilities.","Checks if a vulnerable version is present on the target host.
Details:
PHP Directory Traversal Vulnerability - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808616)
Version used: $Revision: 11938 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","76652, 76649, 76733, 76734, 76738","CB-K16/1776, CB-K16/0944, CB-K16/0912, CB-K16/0623, CB-K16/0614, CB-K16/0422, CB-K15/1571, CB-K15/1561, CB-K15/1478, CB-K15/1439, CB-K15/1415, CB-K15/1337, DFN-CERT-2016-1882, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0676, DFN-CERT-2016-0659, DFN-CERT-2016-0460, DFN-CERT-2015-1658, DFN-CERT-2015-1644, DFN-CERT-2015-1556, DFN-CERT-2015-1515, DFN-CERT-2015-1493, DFN-CERT-2015-1407","http://www.php.net/ChangeLog-5.php, http://www.openwall.com/lists/oss-security/2016/03/16/20"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP libgd Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.27/7.0.12",1.3.6.1.4.1.25623.1.0.809337,"CVE-2016-7568",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,fdb81878-ace8-4875-a313-909199cd52ed,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service, or possibly have unspecified
 other impact.","Update to PHP version 5.6.27 or 7.0.12.","PHP versions 5.x through 5.6.26 and 7.0.x through 7.0.11 on Windows","The flaw exists due to an integer overflow
 in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'libgd' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809337)
Version used: $Revision: 12313 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","93184","CB-K16/1645, CB-K16/1606, CB-K16/1603, DFN-CERT-2016-1745, DFN-CERT-2016-1704, DFN-CERT-2016-1700","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php, http://seclists.org/oss-sec/2016/q3/639, https://bugs.php.net/bug.php?id=73003"
10.10.0.4,METASPLOITABLE3,8484,tcp,7.5,High,"VendorFix","Jenkins CLI Multiple Vulnerabilities","The host is installed with Jenkins and is
 prone to multiple vulnerabilities.","Installed Version: 1.637
Fixed Version: For Jenkins main line update to 1.638",1.3.6.1.4.1.25623.1.0.806621,"CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5324, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5325, CVE-2015-5326",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,91b3c290-824c-43f2-b1eb-26391af26331,"Successful exploitation will allow remote
 attackers to gain access to sensitive information, conduct XXE, XSS and CSRF
 attacks, and execute arbitrary code on the affected system.","Jenkins main line users should update to 1.638
 Jenkins LTS users should update to 1.625.2","All Jenkins main line releases up to and including 1.637
 All Jenkins LTS releases up to and including 1.625.1","Multiple flaws exist as,

 - Jenkins UI allows users to see the names of jobs and builds otherwise
 inaccessible to them on the 'Fingerprints' pages.

 - The salt used to generate the CSRF protection tokens is a publicly accessible
 value.

 - When creating a job using the create-job CLI command, external entities are
 not discarded (nor processed).

 - JNLP slave connections did not verify that the correct secret was supplied.

 - The /queue/api URL could return information about items not accessible to
 the current user.

 - The CLI command overview and help pages in Jenkins were accessible without
 Overall/Read permission.

 - Access to the /jnlpJars/ URL was not limited to the specific JAR files users
 needed to access, allowing browsing directories and downloading other files in
 the Jenkins servlet resources.

 - API tokens of other users were exposed to admins by default.

 - Slaves connecting via JNLP were not subject to the optional slave-to-master
 access control.

 - Users with the permission to take slave nodes offline can enter arbitrary
 HTML.

 - An error due to unsafe deserialization.","Checks if a vulnerable version is present on the target host.
Details:
Jenkins CLI Multiple Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.806621)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","CB-K16/0489, CB-K16/0141, CB-K15/1672, CB-K15/1669, DFN-CERT-2016-0531, DFN-CERT-2016-0157, DFN-CERT-2015-1768, DFN-CERT-2015-1761","https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11, https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli, http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","WordPress < 4.7.2 Multiple Security Vulnerabilities (Windows)","This host is running WordPress and is prone to multiple security vulnerabilities
 because it fails to sanitize user-supplied input.","Installed version: 4.6.1
Fixed version: 4.7.2",1.3.6.1.4.1.25623.1.0.108069,"CVE-2017-5610, CVE-2017-5611, CVE-2017-5612, CVE-2017-1001000",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,8e3b1a95-7708-4d5a-9b30-0bfefe6a99d0,"Successfully exploiting this issue allow
 remote attacker to e.g. obtain sensitive information or inject arbitrary web script or HTML.","Upgrade to WordPress version 4.7.2.","WordPress versions 4.7.1 and earlier.","Multiple flaws are due to:

 - The user interface for assigning taxonomy terms in Press This is shown to
 users who do not have permissions to use it.

 - P_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
 WordPress core is not directly vulnerable to this issue, but hardening was added to prevent plugins and themes
 from accidentally causing a vulnerability.

 - A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

 - An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.","Checks if a vulnerable version is present on the target host.
Details:
WordPress < 4.7.2 Multiple Security Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108069)
Version used: $Revision: 11962 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K17/0154, DFN-CERT-2017-0193, DFN-CERT-2017-0159","https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/, https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/, https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html, http://www.secpod.com/blog/wordpress-rest-api-zero-day-privilege-escalation-vulnerability"
10.10.0.4,METASPLOITABLE3,8484,tcp,7.5,High,"VendorFix","Jenkins Security Advisory Apr17 - Multiple Vulnerabilities (Windows)","Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allow malicious users to perform several administrative actions by tricking a victim into opening a web page.","Installed version: 1.637
Fixed version: 2.46.2",1.3.6.1.4.1.25623.1.0.107157,"CVE-2017-1000353, CVE-2017-1000354, CVE-2017-1000355, CVE-2017-1000356",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,eae7ca81-e935-4451-bc3c-c06ca1751c34,"Successfully exploiting this issue allows attackers to:

 - perform several administrative actions by tricking a victim into opening a web page.execute arbitrary code in the context of the affected application.

 - to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blacklist-based protection mechanism.

 - impersonate any other Jenkins user on the same instance.

 - crash the Java process.","Jenkins main line users should update to 2.57,
 Jenkins LTS users should update to 2.46.2","The following products are vulnerable:
 Jenkins LTS 2.46.1 and prior, Jenkins 2.56 and prior.","Multiple flaws are due to::

 - multiple Cross-Site Request Forgery vulnerabilities.

 - the storage of the encrypted user name in a cache file which is used to authenticate further commands.

 - XStream library which allow anyone able to provide XML to Jenkins for processing using XStream to crash the Java process.","Checks if a vulnerable version is present on the target host.
Details:
Jenkins Security Advisory Apr17 - Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.107157)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","98056","CB-K17/0706, DFN-CERT-2017-0727","http://www.securityfocus.com/bid/98056, https://jenkins.io/security/advisory/2017-04-26/"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 04 - Jul16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.4.44",1.3.6.1.4.1.25623.1.0.808605,"CVE-2015-8867, CVE-2015-8876, CVE-2015-8873, CVE-2015-8835",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,1039ca00-ee9c-42bc-bedf-b100b548ca28,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (NULL pointer dereference and
 application crash) or trigger unintended method execution to defeat cryptographic
 protection mechanisms.","Upgrade to PHP version 5.4.44,
 or 5.5.28, or 5.6.12, or later.","PHP versions prior to 5.4.44, 5.5.x before
 5.5.28, and 5.6.x before 5.6.12 on Windows","The multiple flaws are due to,

 - An improper validation of certain Exception objects in 'Zend/zend_exceptions.c'
 script.

 - The 'openssl_random_pseudo_bytes' function in 'ext/openssl/openssl.c' incorrectly
 relies on the deprecated 'RAND_pseudo_bytes' function.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 04 - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808605)
Version used: $Revision: 12431 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","87481, 90867, 84426, 90712","CB-K17/0318, CB-K16/1776, CB-K16/1190, CB-K16/1179, CB-K16/0944, CB-K16/0937, CB-K16/0912, CB-K16/0911, CB-K16/0868, CB-K16/0705, CB-K16/0623, CB-K16/0614, DFN-CERT-2017-0325, DFN-CERT-2016-1882, DFN-CERT-2016-1265, DFN-CERT-2016-1253, DFN-CERT-2016-1004, DFN-CERT-2016-0996, DFN-CERT-2016-0972, DFN-CERT-2016-0944, DFN-CERT-2016-0924, DFN-CERT-2016-0764, DFN-CERT-2016-0676, DFN-CERT-2016-0659","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP serialize_function_call Function Type Confusion Vulnerability - Mar16 (Windows)","This host is installed with PHP and is prone
 to remote code execution vulnerability.","Installed version: 5.3.10
Fixed version: 5.4.45",1.3.6.1.4.1.25623.1.0.807091,"CVE-2015-6836",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,41239da8-f680-4274-8d59-94e3ae7decec,"Successfully exploiting this issue allow
 remote attackers to execute arbitrary code in the context of the user
 running the affected application. Failed exploit attempts will likely cause
 a denial-of-service condition.","Upgrade to PHP version 5.4.45, or 5.5.29, or
 5.6.13 or later.","PHP versions before 5.4.45, 5.5.x before
 5.5.29, and 5.6.x before 5.6.13 on Windows","The flaw is due to 'SoapClient __call'
 method in 'ext/soap/soap.c' scripr does not properly manage headers.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 ...
(OID: 1.3.6.1.4.1.25623.1.0.807091)
Version used: $Revision: 12363 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","76644","CB-K16/0944, CB-K16/0422, CB-K15/1571, CB-K15/1561, CB-K15/1478, CB-K15/1439, CB-K15/1415, CB-K15/1337, DFN-CERT-2016-1004, DFN-CERT-2016-0460, DFN-CERT-2015-1658, DFN-CERT-2015-1644, DFN-CERT-2015-1556, DFN-CERT-2015-1515, DFN-CERT-2015-1493, DFN-CERT-2015-1407","http://www.php.net/ChangeLog-5.php, https://bugs.php.net/bug.php?id=70388"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","Apache HTTP Server Multiple Vulnerabilities June17 (Windows)","This host is running Apache HTTP Server
 and is prone to multiple vulnerabilities.","Installed version: 2.2.21
Fixed version: 2.2.33",1.3.6.1.4.1.25623.1.0.811213,"CVE-2017-7679, CVE-2017-3169, CVE-2017-3167",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,98fec2f8-55be-413f-b985-2c2c3a2f51f3,"Successful exploitation will allow remote
 attackers to bypass authentication and perform unauthorized actions, cause
 a denial-of-service condition and gain access to potentially sensitive
 information.","Upgrade to Apache HTTP Server 2.2.33 or 2.4.26
 or later.","Apache HTTP Server 2.2.x before 2.2.33 and
 2.4.x before 2.4.26 on Windows.","Multiple flaws exists as,

 - The mod_mime can read one byte past the end of a buffer when sending a malicious
 Content-Type response header.

 - The mod_ssl may dereference a NULL pointer when third-party modules call
 ap_hook_process_connection() during an HTTP request to an HTTPS port.

 - An use of the ap_get_basic_auth_pw() by third-party modules outside of the
 authentication phase may lead to authentication requirements being
 bypassed.","Checks if a vulnerable version is present on the target host.
Details:
Apache HTTP Server Multiple Vulnerabilities June17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811213)
Version used: $Revision: 11863 $
","Product: cpe:/a:apache:http_server:2.2.21
Method: Apache Web Server Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
","99135, 99134","CB-K18/0066, CB-K17/2188, CB-K17/2013, CB-K17/1936, CB-K17/1854, CB-K17/1842, CB-K17/1768, CB-K17/1747, CB-K17/1622, CB-K17/1382, CB-K17/1279, CB-K17/1154, CB-K17/1023, DFN-CERT-2018-0077, DFN-CERT-2017-2290, DFN-CERT-2017-2104, DFN-CERT-2017-2021, DFN-CERT-2017-1926, DFN-CERT-2017-1925, DFN-CERT-2017-1843, DFN-CERT-2017-1828, DFN-CERT-2017-1692, DFN-CERT-2017-1443, DFN-CERT-2017-1327, DFN-CERT-2017-1193, DFN-CERT-2017-1058","http://seclists.org/oss-sec/2017/q2/509, http://httpd.apache.org/security/vulnerabilities_24.html, http://httpd.apache.org/security/vulnerabilities_22.html, https://httpd.apache.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 01 - Mar16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.4.44",1.3.6.1.4.1.25623.1.0.807088,"CVE-2015-6831, CVE-2015-6832, CVE-2015-6833",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,00f52c6a-7ea3-4645-bf41-82704f20fe91,"Successfully exploiting this issue allow
 remote attackers to execute arbitrary code and to create or overwrite arbitrary
 files on the system and this may lead to launch further attacks.","Upgrade to PHP version 5.4.44 or 5.5.28 or
 5.6.12 or later.","PHP versions before 5.4.44, 5.5.x before
 5.5.28, and 5.6.x before 5.6.12 on Windows","Multiple flaws are due to,

 - The multiple use-after-free vulnerabilities in SPL unserialize implementation.

 - An insufficient validation of user supplied input by 'phar/phar_object.c'
 script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 01 - Mar16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807088)
Version used: $Revision: 11961 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","76737, 76739, 76735","CB-K16/0944, CB-K16/0422, CB-K15/1571, CB-K15/1439, CB-K15/1415, CB-K15/1261, DFN-CERT-2016-1004, DFN-CERT-2016-0460, DFN-CERT-2015-1658, DFN-CERT-2015-1515, DFN-CERT-2015-1493, DFN-CERT-2015-1335","https://bugs.php.net/bug.php?id=70068, http://www.openwall.com/lists/oss-security/2015/08/19/3, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","WordPress esc_sql Function SQL Injection Vulnerability - Nov 2017 (Windows)","This host is running WordPress and is prone
 to an sql injection vulnerability.","Installed version: 4.6.1
Fixed version: 4.8.3",1.3.6.1.4.1.25623.1.0.811887,"CVE-2017-16510",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c28e344c-3669-4dda-866e-c9a8ad5bfb4b,"Successful exploitation will allow remote
 attackers to execute arbitrary commands.","Upgrade to WordPress version 4.8.3 or later.","WordPress versions 4.8.2 and earlier","The flaw exists because '$wpdb->prepare'
 function can create unexpected and unsafe queries.","Checks if a vulnerable version is present on the target host.
Details:
WordPress 'esc_sql' Function SQL Injection Vulnerability - Nov 2017 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811887)
Version used: $Revision: 11983 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K18/0122, DFN-CERT-2018-0126","https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP phar/tar.c Heap Buffer Overflow Vulnerability (Windows)","This host is running PHP and is prone to heap buffer overflow
 vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.14/5.4.4",1.3.6.1.4.1.25623.1.0.803342,"CVE-2012-2386",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,88cf52cf-8f1d-4865-98a9-c984f47c2420,"Successful exploitation could allow attackers to execute arbitrary code
 or cause a denial-of-service condition via specially crafted TAR file.","Upgrade to PHP 5.4.4 or 5.3.14 or later.","PHP version before 5.3.14 and 5.4.x before 5.4.4","Flaw related to overflow in phar_parse_tarfile()function in ext/phar/tar.c
 in the phar extension.","
Details:
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803342)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","47545","DFN-CERT-2012-1316, DFN-CERT-2012-1289, DFN-CERT-2012-1288, DFN-CERT-2012-1287, DFN-CERT-2012-1280, DFN-CERT-2012-1279, DFN-CERT-2012-1268, DFN-CERT-2012-1266, DFN-CERT-2012-1162, DFN-CERT-2012-1100, DFN-CERT-2012-1067","http://www.php.net/ChangeLog-5.php, http://en.securitylab.ru/nvd/426726.php, http://secunia.com/advisories/cve_reference/CVE-2012-2386, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","WordPress Multiple Vulnerabilities (Security Release) - December 2018 (Windows)","This host is running WordPress and is prone
 to multiple vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.6.13
Installation
path / port: /wordpress",1.3.6.1.4.1.25623.1.0.112465,"CVE-2018-20147, CVE-2018-20148, CVE-2018-20149, CVE-2018-20150, CVE-2018-20151, CVE-2018-20152, CVE-2018-20153",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,ca975bb1-d44c-49c8-9082-e4ee1906cc77,"","The issues have been fixed in version 5.0.1.
 Updated versions of WordPress 4.9 and older releases are also available.
 For details refer to the referenced links to apply the correct fix for your specific version.","All versions since WordPress 3.7 up to 5.0.","The following vulnerabilities exist:

 - Authors could alter meta data to delete files that they weren't authorized to.

 - Authors could create posts of unauthorized post types with specially crafted input.

 - Contributors could craft meta data in a way that resulted in PHP object injection.

 - Contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.

 - Specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances.
 WordPress itself was not affected, but plugins could be in some situations.

 - The user activation screen could be indexed by search engines in some uncommon configurations,
 leading to exposure of email addresses, and in some rare cases, default generated passwords.

 - Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification,
 leading to a cross-site scripting vulnerability.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Multiple Vulnerabilities (Security Release) - December 2018 (Windo...
(OID: 1.3.6.1.4.1.25623.1.0.112465)
Version used: $Revision: 12963 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","106220","DFN-CERT-2018-2545","https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/, https://wordpress.org/download/releases/"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 01 - Apr16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.33",1.3.6.1.4.1.25623.1.0.807806,"CVE-2016-3142, CVE-2016-3141",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,d8866636-9753-4f7c-923b-a0d12014b188,"Successfully exploiting this issue allow
 remote attackers to gain access to potentially sensitive information and
 conduct a denial of service (memory corruption and application crash).","Upgrade to PHP version 5.5.33 or 5.6.19
 or later.","PHP versions before 5.5.33, and 5.6.x before
 5.6.19 on Windows","Multiple flaws are due to,

 - A use-after-free error in wddx.c script in the WDDX extension in PHP

 - An error in the phar_parse_zipfile function in zip.c script in the PHAR
 extension in PHP.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 01 - Apr16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807806)
Version used: $Revision: 11961 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K16/1776, CB-K16/1620, CB-K16/0944, CB-K16/0912, CB-K16/0723, CB-K16/0623, CB-K16/0614, DFN-CERT-2016-1882, DFN-CERT-2016-1717, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0775, DFN-CERT-2016-0676, DFN-CERT-2016-0659","https://bugs.php.net/bug.php?id=71587, https://bugs.php.net/bug.php?id=71498, https://secure.php.net/ChangeLog-5.php, http://www.php.net"
10.10.0.4,METASPLOITABLE3,9200,tcp,7.5,High,"VendorFix","Elasticsearch < 1.6.1 Multiple Vulnerabilities (Windows)","This host is running Elasticsearch
 and is prone to multiple vulnerabilities.","Installed version: 1.1.1
Fixed version: 1.6.1",1.3.6.1.4.1.25623.1.0.808091,"CVE-2015-5531, CVE-2015-5377",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e066837c-e430-42bc-96e7-c4ccdf336763,"Successful exploitation will allow remote
 attackers to execute code or read arbitrary files.","Upgrade to Elasticsearch version 1.6.1,
 or later.","Elasticsearch version 1.0.0 through 1.6.0
 on Windows.","The Flaw is due to:

 - an error in the snapshot API calls (CVE-2015-5531)

 - an attack that can result in remote code execution (CVE-2015-5377).","Checks if a vulnerable version is present on the target host.
Details:
Elasticsearch < 1.6.1 Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808091)
Version used: $Revision: 12363 $
","Product: cpe:/a:elasticsearch:elasticsearch:1.1.1
Method: Elasticsearch and Logstash Detection
(OID: 1.3.6.1.4.1.25623.1.0.105031)
","75935","CB-K15/1118, DFN-CERT-2015-1160","https://www.elastic.co/community/security/, http://www.securityfocus.com/archive/1/archive/1/536017/100/0/threaded"
10.10.0.4,METASPLOITABLE3,22,tcp,7.5,High,"VendorFix","OpenSSH X11 Forwarding Security Bypass Vulnerability (Windows)","This host is installed with openssh and
 is prone to security bypass vulnerability.","Installed version: 7.1
Fixed version: 7.2",1.3.6.1.4.1.25623.1.0.810768,"CVE-2016-1908",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b8e9172e-6d9f-4c18-bfa4-80af8400f95e,"Successfully exploiting this issue allows
 local users to bypass certain security restrictions and perform unauthorized
 actions. This may lead to further attacks.","Upgrade to OpenSSH version 7.2 or later.","OpenSSH versions before 7.2 on Windows","An access flaw was discovered in OpenSSH,
 It did not correctly handle failures to generate authentication cookies for
 untrusted X11 forwarding. A malicious or compromised remote X application
 could possibly use this flaw to establish a trusted connection to the
 local X server, even if only untrusted X11 forwarding was requested.","Checks if a vulnerable version is present on the target host.
Details:
OpenSSH X11 Forwarding Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.810768)
Version used: $Revision: 11919 $
","Product: cpe:/a:openbsd:openssh:7.1
Method: SSH Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10267)
","84427","CB-K16/1485, CB-K16/0694, CB-K16/0684, CB-K16/0449, CB-K16/0162, DFN-CERT-2018-1828, DFN-CERT-2016-1574, DFN-CERT-2016-0754, DFN-CERT-2016-0733, DFN-CERT-2016-0488, DFN-CERT-2016-0182","http://openwall.com/lists/oss-security/2016/01/15/13, https://bugzilla.redhat.com/show_bug.cgi?id=1298741#c4, http://www.openssh.com/txt/release-7.2, https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c, https://bugzilla.redhat.com/show_bug.cgi?id=1298741"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","WordPress Multiple Vulnerabilities - May17 (Windows)","This host is running WordPress and is prone
 to multiple vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.7.5",1.3.6.1.4.1.25623.1.0.811045,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,1f3107f1-8ee8-481e-b56c-965fd0241750,"Successfully exploiting will allow remote
 attacker to conduct cross site request forgery (CSRF) attacks, cross-site
 scripting (XSS) attacks and have other some unspecified impact.","Upgrade to WordPress version 4.7.5 or later.","WordPress versions 4.7.4 and prior on
 Windows.","Multiple flaws are due to,

 - An insufficient redirect validation in the HTTP class.

 - An improper handling of post meta data values in the XML-RPC API.

 - The lack of capability checks for post meta data in the XML-RPC API.

 - A cross site request forgery (CSRF) vulnerability in the filesystem
 credentials dialog.

 - A cross-site scripting (XSS) vulnerability when attempting to upload very
 large files.

 - A cross-site scripting (XSS) vulnerability related to the Customizer.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Multiple Vulnerabilities - May17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811045)
Version used: $Revision: 11977 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","","https://wordpress.org/news/2017/05/wordpress-4-7-5"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 03 - Jul16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.35",1.3.6.1.4.1.25623.1.0.808602,"CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f2637f18-0c28-47c5-aa3f-9aaa82fdb29b,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (out-of-bounds read) or possibly
 have unspecified other impact.","Upgrade to PHP version 5.5.35,
 or 5.6.21, or 7.0.6, or later.","PHP versions prior to 5.5.35, 5.6.x before
 5.6.21, and 7.x before 7.0.6 on Windows.","The multiple flaws are due to,

 - An improper validation of TIFF start data in 'exif_process_TIFF_in_JPEG' function
 in 'ext/exif/exif.c' script.

 - An improper validation of IFD sizes in 'exif_process_TIFF_in_JPEG' function
 in 'ext/exif/exif.c' script.

 - An improper construction of spprintf arguments, in 'exif_process_TIFF_in_JPEG'
 function in 'ext/exif/exif.c' script.

 - An error in 'grapheme_strpos function' in 'ext/intl/grapheme/grapheme_string.c'.

 - An error in 'xml_parse_into_struct' function in 'ext/xml/xml.c' script.

 - The 'bcpowmod' function in 'ext/bcmath/bcmath.c' improperly modifies certain data
 structures.

 - An improper validation of input passed to 'bcpowmod' function in
 'ext/bcmath/bcmath.c' script.

 - An error in 'grapheme_strpos' function in ext/intl/grapheme/grapheme_string.c
 script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 03 - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808602)
Version used: $Revision: 12313 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","89844, 90172, 90173, 90174","CB-K16/1776, CB-K16/0944, CB-K16/0912, CB-K16/0909, CB-K16/0868, CB-K16/0779, CB-K16/0774, CB-K16/0760, DFN-CERT-2016-1882, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0960, DFN-CERT-2016-0924, DFN-CERT-2016-0835, DFN-CERT-2016-0827, DFN-CERT-2016-0814","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP var_unserializer Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.26",1.3.6.1.4.1.25623.1.0.809322,"CVE-2016-7411",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3eb8e047-2b8f-4594-8df6-94fa09a23c11,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service.","Upgrade to PHP version 5.6.26, or later.","PHP versions prior to 5.6.26 on Windows","The flaw is due to improper handling of
 object-deserialization failures in 'ext/standard/var_unserializer.re' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'var_unserializer' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809322)
Version used: $Revision: 12338 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","93009","CB-K16/1958, CB-K16/1543, CB-K16/1532, CB-K16/1426, DFN-CERT-2016-2063, DFN-CERT-2016-1639, DFN-CERT-2016-1631, DFN-CERT-2016-1495","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 05 - Jul16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.38",1.3.6.1.4.1.25623.1.0.808633,"CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4f126342-9476-49a1-9e21-55b1e8ffd42a,"Successfully exploiting this issue may allow
 attackers to cause a denial of service obtain sensitive information from process
 memory, or possibly have unspecified other impact.","Upgrade to PHP version 5.5.38, or 5.6.24,
 or 7.0.9, or later.","PHP versions before 5.5.38, 5.6.x before
 5.6.24, and 7.x before 7.0.9 on Windows","Multiple flaws are due to

 - An integer overflow in the 'php_stream_zip_opener' function in
 'ext/zip/zip_stream.c' script.

 - An integer signedness error in the 'simplestring_addn' function in
 'simplestring.c' in xmlrpc-epi.

 - The 'ext/snmp/snmp.c' script improperly interacts with the unserialize
 implementation and garbage collection.

 - The 'locale_accept_from_http' function in 'ext/intl/locale/locale_methods.c'
 script does not properly restrict calls to the ICU 'uloc_acceptLanguageFromHTTP'
 function.

 - An error in the 'exif_process_user_comment' function in 'ext/exif/exif.c'
 script.

 - An error in the 'exif_process_IFD_in_MAKERNOTE' function in 'ext/exif/exif.c'
 script.

 - The 'ext/session/session.c' does not properly maintain a certain hash data
 structure.

 - An integer overflow in the 'virtual_file_ex' function in
 'TSRM/tsrm_virtual_cwd.c' script.

 - An error in the 'php_url_parse_ex' function in 'ext/standard/url.c' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 05 - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808633)
Version used: $Revision: 11961 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","92111, 92074, 92097, 92073, 92078, 92115, 92094, 92095, 92099","CB-K17/1011, CB-K16/1776, CB-K16/1549, CB-K16/1499, CB-K16/1452, CB-K16/1440, CB-K16/1345, CB-K16/1257, CB-K16/1248, CB-K16/1235, CB-K16/1179, CB-K16/1110, DFN-CERT-2017-1046, DFN-CERT-2016-1882, DFN-CERT-2016-1641, DFN-CERT-2016-1590, DFN-CERT-2016-1541, DFN-CERT-2016-1526, DFN-CERT-2016-1431, DFN-CERT-2016-1335, DFN-CERT-2016-1326, DFN-CERT-2016-1310, DFN-CERT-2016-1253, DFN-CERT-2016-1179","http://php.net/ChangeLog-5.php, http://php.net/ChangeLog-7.php, http://openwall.com/lists/oss-security/2016/07/24/2, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - Mar13 (Windows)","This host is running PHP and is prone to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.3.23/5.4.13",1.3.6.1.4.1.25623.1.0.803337,"CVE-2013-1635, CVE-2013-1643",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,10a937d0-44a3-46de-8402-ccfda6641ce8,"Successful exploitation allows attackers to read arbitrary files and write
 wsdl files within the context of the affected application.","Upgrade to PHP 5.4.13 or 5.3.23, which will be available soon.","PHP version before 5.3.23 and 5.4.x before 5.4.13","Multiple flaws are due to,

 - Does not validate 'soap.wsdl_cache_dir' directive before writing SOAP wsdl
 cache files to the filesystem.

 - Allows the use of external entities while parsing SOAP wsdl files, issue
 in 'soap_xmlParseFile' and 'soap_xmlParseMemory' functions.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - Mar13 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803337)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","58224","CB-K13/1037, CB-K13/0712, DFN-CERT-2013-2065, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2013-1446, DFN-CERT-2013-1445, DFN-CERT-2013-1444, DFN-CERT-2013-1392, DFN-CERT-2013-1347, DFN-CERT-2013-1179, DFN-CERT-2013-0664, DFN-CERT-2013-0481","http://www.php.net/ChangeLog-5.php, http://bugs.php.net/bug.php?id=64360, http://cxsecurity.com/cveshow/CVE-2013-1635, http://cxsecurity.com/cveshow/CVE-2013-1643, http://bugs.gentoo.org/show_bug.cgi?id=459904, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 02 - Sep16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.25",1.3.6.1.4.1.25623.1.0.809318,"CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,6855340c-e570-4896-b0e2-cd9d41334f17,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service, to obtain sensitive information
 from process memory, to inject arbitrary-type session data by leveraging control
 of a session name.","Upgrade to PHP version 5.6.25, or 7.0.10,
 or later.","PHP versions prior to 5.6.25 and
 7.x before 7.0.10 on Windows","Multiple flaws are due to

 - An invalid wddxPacket XML document that is mishandled in a wddx_deserialize
 call in 'ext/wddx/wddx.c' script.

 - An error in 'php_wddx_pop_element' function in 'ext/wddx/wddx.c' script.

 - An error in 'php_wddx_process_data' function in 'ext/wddx/wddx.c' script.

 - Improper handling of the case of a thumbnail offset that exceeds the file
 size in 'exif_process_IFD_in_TIFF' function in 'ext/exif/exif.c' script.

 - Improper validation of gamma values in 'imagegammacorrect' function
 in 'ext/gd/gd.c' script.

 - Improper validation of number of colors in 'imagegammacorrect' function
 in 'ext/gd/gd.c' script.

 - The script 'ext/session/session.c' skips invalid session names in a way that
 triggers incorrect parsing.

 - Improper handling of certain objects in 'ext/standard/var_unserializer.c'
 script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 02 - Sep16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809318)
Version used: $Revision: 12051 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","92756, 92552, 92755, 92757, 92564, 92758","CB-K16/1776, CB-K16/1772, CB-K16/1549, CB-K16/1543, CB-K16/1532, CB-K16/1499, CB-K16/1440, CB-K16/1280, DFN-CERT-2016-1882, DFN-CERT-2016-1878, DFN-CERT-2016-1641, DFN-CERT-2016-1639, DFN-CERT-2016-1631, DFN-CERT-2016-1590, DFN-CERT-2016-1526, DFN-CERT-2016-1359","http://www.php.net/ChangeLog-7.php, http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.26",1.3.6.1.4.1.25623.1.0.809316,"CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,8db90658-0768-4993-953e-6d3c55eca1ea,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service, or possibly have unspecified
 other impact.","Upgrade to PHP version 5.6.26, or 7.0.11,
 or later. ","PHP versions prior to 5.6.26 and
 7.x before 7.0.11 on Windows","Multiple flaws are due to,

 - Use-after-free vulnerability in the 'wddx_stack_destroy' function
 in 'ext/wddx/wddx.c' script.

 - Improper varification of a BIT field has the UNSIGNED_FLAG flag
 in 'ext/mysqlnd/mysqlnd_wireprotocol.c' script.

 - The ZIP signature-verification feature does not ensure that the
 uncompressed_filesize field is large enough.

 - The script 'ext/spl/spl_array.c' proceeds with SplArray unserialization
 without validating a return value and data type.

 - The script 'ext/intl/msgformat/msgformat_format.c' does not properly restrict
 the locale length provided to the Locale class in the ICU library.

 - An error in the php_wddx_push_element function in ext/wddx/wddx.c.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 03 - Sep16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809316)
Version used: $Revision: 11811 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","93005, 93006, 93004, 93022, 93008, 93007, 93011","CB-K16/1958, CB-K16/1549, CB-K16/1543, CB-K16/1532, CB-K16/1426, DFN-CERT-2018-0835, DFN-CERT-2016-2063, DFN-CERT-2016-1641, DFN-CERT-2016-1639, DFN-CERT-2016-1631, DFN-CERT-2016-1495","http://www.php.net/ChangeLog-7.php, http://www.php.net/ChangeLog-5.php, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 01 - Aug16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.37",1.3.6.1.4.1.25623.1.0.808787,"CVE-2016-5773, CVE-2016-5772, CVE-2016-5769, CVE-2016-5768, CVE-2016-5766, CVE-2016-5767",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,98dcc3dc-6004-45c1-a5fa-ed5a8f21b944,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (buffer overflow and application
 crash) or possibly execute arbitrary code.","Upgrade to PHP version 5.5.37, or 5.6.23,
 or 7.0.8, or later. ","PHP versions prior to 5.5.37, 5.6.x before
 5.6.23, and 7.x before 7.0.8 on Windows","Multiple flaws are due to,

 - The 'php_zip.c' script in the zip extension improperly interacts with the
 unserialize implementation and garbage collection.

 - The php_wddx_process_data function in 'wddx.c' script in the WDDX extension
 mishandled data in a wddx_deserialize call.

 - The multiple integer overflows in 'mcrypt.c' script in the mcrypt extension.

 - The double free vulnerability in the '_php_mb_regex_ereg_replace_exec'
 function in 'php_mbregex.c' script in the mbstring extension.

 - An integer overflow in the '_gd2GetHeader' function in 'gd_gd2.c' script in
 the GD Graphics Library.

 - An integer overflow in the 'gdImageCreate' function in 'gd.c' script in the
 GD Graphics Library.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 01 - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808787)
Version used: $Revision: 11811 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","91397, 91398, 91399, 91396, 91395","CB-K17/1575, CB-K17/1461, CB-K17/1252, CB-K16/1868, CB-K16/1776, CB-K16/1722, CB-K16/1629, CB-K16/1600, CB-K16/1452, CB-K16/1257, CB-K16/1230, CB-K16/1179, CB-K16/1115, CB-K16/1106, CB-K16/1077, CB-K16/1070, CB-K16/1045, CB-K16/1030, CB-K16/0975, CB-K16/0966, CB-K16/0965, DFN-CERT-2018-0576, DFN-CERT-2017-1647, DFN-CERT-2017-1529, DFN-CERT-2017-1295, DFN-CERT-2016-1974, DFN-CERT-2016-1882, DFN-CERT-2016-1822, DFN-CERT-2016-1729, DFN-CERT-2016-1697, DFN-CERT-2016-1541, DFN-CERT-2016-1335, DFN-CERT-2016-1295, DFN-CERT-2016-1253, DFN-CERT-2016-1184, DFN-CERT-2016-1178, DFN-CERT-2016-1144, DFN-CERT-2016-1139, DFN-CERT-2016-1110, DFN-CERT-2016-1097, DFN-CERT-2016-1033, DFN-CERT-2016-1022, DFN-CERT-2016-1021","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8484,tcp,7.5,High,"VendorFix","CloudBees Jenkins Java Deserialization Remote Code Execution Vulnerability (Windows)","This host is installed with CloudBees Jenkins and is prone to
 a remote code execution vulnerability.","Installed version: 1.637
Fixed version: 2.19.3",1.3.6.1.4.1.25623.1.0.108062,"CVE-2016-9299",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,6a1b1e7b-4495-45df-aa6e-9addc7c351ba,"Successfully exploiting this issue allows attackers to execute arbitrary code in the context of
 the affected application. Failed exploits will result in denial-of-service conditions.","Upgrade to CloudBees Jenkins to 2.32 or later / Jenkins LTS to 2.19.3 or
 later.","CloudBees Jenkins LTS 2.19.2 and prior, Jenkins 2.31 and prior.","The flaw is due to an Jenkins allowing to transfer a serialized Java object to the Jenkins CLI,
 making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading
 to code execution, bypassing existing protection mechanisms.","Checks if a vulnerable version is present on the target host.
Details:
CloudBees Jenkins 'Java Deserialization' Remote Code Execution Vulnerability...
(OID: 1.3.6.1.4.1.25623.1.0.108062)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","94281","CB-K16/1809, DFN-CERT-2016-1915","https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16, http://www.securityfocus.com/bid/94281, https://jenkins.io/changelog-stable/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 03 - Aug16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.36",1.3.6.1.4.1.25623.1.0.808791,"CVE-2016-5096, CVE-2016-5094, CVE-2016-5095",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f945756d-bb8d-49b1-9710-3d32921cfeae,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service or possibly have unspecified
 other impact.","Upgrade to PHP version 5.5.36, or 5.6.22,
 or later. ","PHP versions prior to 5.5.36 and 5.6.x
 before 5.6.22 on Windows","Multiple flaws are due to,

 - An integer overflow in the fread function in 'ext/standard/file.c' script.

 - An integer overflow in the php_html_entities function in
 'ext/standard/html.c' script.

 - An Integer overflow in the php_escape_html_entities_ex function in
 'ext/standard/html.c' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 03 - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808791)
Version used: $Revision: 11811 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","90861, 90857, 92144","CB-K16/1982, CB-K16/1776, CB-K16/1179, CB-K16/0944, CB-K16/0937, CB-K16/0912, CB-K16/0911, CB-K16/0909, CB-K16/0796, DFN-CERT-2016-2084, DFN-CERT-2016-1882, DFN-CERT-2016-1253, DFN-CERT-2016-1004, DFN-CERT-2016-0996, DFN-CERT-2016-0972, DFN-CERT-2016-0960, DFN-CERT-2016-0944, DFN-CERT-2016-0847","http://www.php.net/ChangeLog-5.php, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 01 - Jul16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.34",1.3.6.1.4.1.25623.1.0.808198,"CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2015-8865",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,723cd662-6761-4394-abf6-16ff6650ebc1,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (buffer overflow and application
 crash) or possibly execute arbitrary code.","Upgrade to PHP version 5.5.34, or 5.6.20,
 or 7.0.5, or later.","PHP versions prior to 5.5.34, 5.6.x before
 5.6.20, and 7.x before 7.0.5 on Windows","Multiple flaws are due to,

 - Multiple integer overflows in the mbfl_strcut function in
 'ext/mbstring/libmbfl/mbfl/mbfilter.c' script.

 - Format string vulnerability in the php_snmp_error function in
 'ext/snmp/snmp.c' script.

 - An improper handling of '\0' characters by the 'phar_analyze_path' function
 in 'ext/phar/phar.c' script.

 - An integer overflow in the 'php_raw_url_encode' function in
 'ext/standard/url.c' script.

 - An improper handling of continuation-level jumps in 'file_check_mem'
 function in 'funcs.c' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 01 - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808198)
Version used: $Revision: 12363 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","85800, 85801, 85802, 85991, 85993","CB-K16/1776, CB-K16/1319, CB-K16/0944, CB-K16/0912, CB-K16/0884, CB-K16/0872, CB-K16/0779, CB-K16/0723, CB-K16/0705, CB-K16/0614, CB-K16/0494, DFN-CERT-2018-1161, DFN-CERT-2016-1882, DFN-CERT-2016-1402, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0940, DFN-CERT-2016-0929, DFN-CERT-2016-0835, DFN-CERT-2016-0775, DFN-CERT-2016-0764, DFN-CERT-2016-0659, DFN-CERT-2016-0536","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 04 - Aug16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.36",1.3.6.1.4.1.25623.1.0.808793,"CVE-2013-7456, CVE-2016-5093",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a3de21da-07e9-48ad-abdc-fecd8da26a59,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (out-of-bounds read) or
 possibly have unspecified other impact.","Upgrade to PHP version 5.5.36, or 5.6.22,
 or 7.0.7, or later.","PHP versions prior to 5.5.36, 5.6.x before
 5.6.22, and 7.x before 7.0.7 on Windows","Multiple flaws are due to,

 - The 'get_icu_value_internal' function in 'ext/intl/locale/locale_methods.c'
 script does not ensure the presence of a '\0' character.

 - The 'gd_interpolation.c' script in the GD Graphics Library mishandled
 by the imagescale function.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 04 - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808793)
Version used: $Revision: 11961 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","90946, 90859","CB-K16/1776, CB-K16/1179, CB-K16/1045, CB-K16/0944, CB-K16/0937, CB-K16/0912, CB-K16/0911, CB-K16/0909, CB-K16/0801, CB-K16/0796, DFN-CERT-2016-1882, DFN-CERT-2016-1253, DFN-CERT-2016-1110, DFN-CERT-2016-1004, DFN-CERT-2016-0996, DFN-CERT-2016-0972, DFN-CERT-2016-0960, DFN-CERT-2016-0944, DFN-CERT-2016-0857, DFN-CERT-2016-0847","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Multiple Vulnerabilities - 02 - Aug16 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.5.37",1.3.6.1.4.1.25623.1.0.808789,"CVE-2016-5771, CVE-2016-5770",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f4c0ed7a-ca43-44ae-b3cf-67a3d5a111c1,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (use-after-free and application
 crash) or possibly execute arbitrary code or possibly have unspecified other
 impact via a large integer argument.","Upgrade to PHP version 5.5.37, or 5.6.23,
 or later.","PHP versions prior to 5.5.37 and 5.6.x
 before 5.6.23 on Windows","Multiple flaws are due to,

 - The 'spl_array.c' in the SPL extension improperly interacts with the
 unserialize implementation and garbage collection.

 - The integer overflow in the 'SplFileObject::fread' function in
 'spl_directory.c' in the SPL extension.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 02 - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808789)
Version used: $Revision: 12313 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","91401, 91403","CB-K16/2012, CB-K16/1776, CB-K16/1452, CB-K16/1179, CB-K16/1106, CB-K16/1070, CB-K16/1030, CB-K16/0965, DFN-CERT-2018-0576, DFN-CERT-2016-2125, DFN-CERT-2016-1882, DFN-CERT-2016-1541, DFN-CERT-2016-1253, DFN-CERT-2016-1178, DFN-CERT-2016-1139, DFN-CERT-2016-1097, DFN-CERT-2016-1022","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"VendorFix","PHP Arbitrary Code Execution Vulnerability - Aug16 (Windows)","This host is installed with PHP and is prone
 to arbitrary code execution vulnerability","Installed version: 5.3.10
Fixed version: 5.5.27",1.3.6.1.4.1.25623.1.0.808670,"CVE-2015-4116",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,55ca751f-a22d-4b25-90b2-3f38d355259a,"Successfully exploiting this issue allow
 remote attackers to execute arbitrary code by triggering a failed
 SplMinHeap::compare operation.","Upgrade to PHP version 5.5.27,
 or 5.6.11, or later.","PHP versions prior to 5.5.27 and 5.6.x
 before 5.6.11 on Windows.","The flaw is due to Use-after-free vulnerability
 in the 'spl_ptr_heap_insert' function in 'ext/spl/spl_heap.c'.","Checks if a vulnerable version is present on the target host.
Details:
PHP Arbitrary Code Execution Vulnerability - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808670)
Version used: $Revision: 11961 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","75127","CB-K16/1179, CB-K16/0944, CB-K16/0912, CB-K16/0911, CB-K16/0868, DFN-CERT-2016-1253, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0944, DFN-CERT-2016-0924","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8383,tcp,7.5,High,"VendorFix","ManageEngine Desktop Central Arbitrary File Upload Vulnerability","This host is running ManageEngine Desktop Central and is prone to arbitrary
 file upload vulnerability.","It was possible to upload the file ""/openvas-vt_1486194906.jsp"". Please delete this file.
Vulnerable url: https://10.10.0.4:8383/agentLogUploader?computerName=DesktopCentral&domainName=webapps&customerId=1&filename=openvas-vt_1486194906.jsp",1.3.6.1.4.1.25623.1.0.803777,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,0ea10892-4a75-434a-8d71-3e5d395b2a0f,"Successful exploitation will allow an attacker to gain arbitrary code
 execution on the server.","Apply the patch supplied by the vendor (Patch 80293)","ManageEngine Desktop Central 8.0.0 (build 80293 and below)","The flaw in the AgentLogUploadServlet. This servlet takes input from HTTP
 POST and constructs an output file on the server without performing any
 sanitisation or even checking if the caller is authenticated.","Send a crafted exploit string via HTTP POST request and check whether it
 is able to create the file or not.
Details:
ManageEngine Desktop Central Arbitrary File Upload Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.803777)
Version used: $Revision: 11883 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","http://www.exploit-db.com/exploits/29674, http://security-assessment.com/files/documents/advisory/DesktopCentral%20Arbitrary%20File%20Upload.pdf, http://www.manageengine.com/products/desktop-central"
10.10.0.4,METASPLOITABLE3,8020,tcp,7.5,High,"VendorFix","ManageEngine Desktop Central Arbitrary File Upload Vulnerability","This host is running ManageEngine Desktop Central and is prone to arbitrary
 file upload vulnerability.","It was possible to upload the file ""/openvas-vt_1064513400.jsp"". Please delete this file.
Vulnerable url: http://10.10.0.4:8020/agentLogUploader?computerName=DesktopCentral&domainName=webapps&customerId=1&filename=openvas-vt_1064513400.jsp",1.3.6.1.4.1.25623.1.0.803777,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,ce4382b3-b8a4-4d41-be43-95b9ffd3fd48,"Successful exploitation will allow an attacker to gain arbitrary code
 execution on the server.","Apply the patch supplied by the vendor (Patch 80293)","ManageEngine Desktop Central 8.0.0 (build 80293 and below)","The flaw in the AgentLogUploadServlet. This servlet takes input from HTTP
 POST and constructs an output file on the server without performing any
 sanitisation or even checking if the caller is authenticated.","Send a crafted exploit string via HTTP POST request and check whether it
 is able to create the file or not.
Details:
ManageEngine Desktop Central Arbitrary File Upload Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.803777)
Version used: $Revision: 11883 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","http://www.exploit-db.com/exploits/29674, http://security-assessment.com/files/documents/advisory/DesktopCentral%20Arbitrary%20File%20Upload.pdf, http://www.manageengine.com/products/desktop-central"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.5,High,"Mitigation","Test HTTP dangerous methods","Misconfigured web servers allows remote clients to perform
 dangerous HTTP methods such as PUT and DELETE. This script
 checks if they are enabled and can be misused to upload or delete files.","We could upload the following files via the PUT method at this web server:

http://10.10.0.4:8585/uploads/puttest1196817498.html

We could delete the following files via the DELETE method at this web server:

http://10.10.0.4:8585/uploads/puttest1196817498.html",1.3.6.1.4.1.25623.1.0.10498,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,bde72083-111b-4315-b1ee-59993243f6a3,"- Enabled PUT method: This might allow an attacker to upload and run arbitrary code on this web server.

 - Enabled DELETE method: This might allow an attacker to delete additional files on this web server.","Use access restrictions to these dangerous HTTP methods
 or disable them completely.","","","
Details:
Test HTTP dangerous methods
(OID: 1.3.6.1.4.1.25623.1.0.10498)
Version used: $Revision: 9335 $
","","12141","","OWASP:OWASP-CM-001"
10.10.0.4,METASPLOITABLE3,8383,tcp,7.5,High,"VendorFix","ZOHO ManageEngine Desktop Central Multiple Vulnerabilities-Apr18","This host is installed with ManageEngine
 Desktop Central and is prone to multiple vulnerabilities","Vulnerable url: https://10.10.0.4:8383/jsp/admin/DBQueryExecutor.jsp?actionFrom=getResult&query=SELECT%20*%20from%20aaauser;",1.3.6.1.4.1.25623.1.0.813213,"CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5341",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,24dc6ee5-d2b8-401b-9d47-c6a7d0727372,"Successful exploitation will allow attackers
 to write arbitrary files, gain access to unrestricted resources and execute
 remote code.","Upgrade to ManageEngine Desktop Central build
 version 10.0.208 or later. For updates refer to Reference links.","Zoho ManageEngine Desktop Central version
 10.0.184 and prior.","Multiple flaws are due to,

 - The missing authentication/authorization on a database query mechanism.

 - An insufficient enforcement of database query type restrictions.

 - The missing server side check on file type/extension when uploading and
 modifying scripts and

 - The directory traversal in SCRIPT_NAME field when modifying existing
 scripts","Send the crafted HTTP GET request and
 confirm SQL query execution from the response.
Details:
ZOHO ManageEngine Desktop Central Multiple Vulnerabilities-Apr18
(OID: 1.3.6.1.4.1.25623.1.0.813213)
Version used: $Revision: 12116 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com, https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central"
10.10.0.4,METASPLOITABLE3,8022,tcp,7.5,High,"VendorFix","ZOHO ManageEngine Desktop Central Multiple Vulnerabilities-Apr18","This host is installed with ManageEngine
 Desktop Central and is prone to multiple vulnerabilities","Vulnerable url: http://10.10.0.4:8022/jsp/admin/DBQueryExecutor.jsp?actionFrom=getResult&query=SELECT%20*%20from%20aaauser;",1.3.6.1.4.1.25623.1.0.813213,"CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5341",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7a1858a6-5999-4739-8d0a-cf058e77c6d7,"Successful exploitation will allow attackers
 to write arbitrary files, gain access to unrestricted resources and execute
 remote code.","Upgrade to ManageEngine Desktop Central build
 version 10.0.208 or later. For updates refer to Reference links.","Zoho ManageEngine Desktop Central version
 10.0.184 and prior.","Multiple flaws are due to,

 - The missing authentication/authorization on a database query mechanism.

 - An insufficient enforcement of database query type restrictions.

 - The missing server side check on file type/extension when uploading and
 modifying scripts and

 - The directory traversal in SCRIPT_NAME field when modifying existing
 scripts","Send the crafted HTTP GET request and
 confirm SQL query execution from the response.
Details:
ZOHO ManageEngine Desktop Central Multiple Vulnerabilities-Apr18
(OID: 1.3.6.1.4.1.25623.1.0.813213)
Version used: $Revision: 12116 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com, https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central"
10.10.0.4,METASPLOITABLE3,8020,tcp,7.5,High,"VendorFix","ZOHO ManageEngine Desktop Central Multiple Vulnerabilities-Apr18","This host is installed with ManageEngine
 Desktop Central and is prone to multiple vulnerabilities","Vulnerable url: http://10.10.0.4:8020/jsp/admin/DBQueryExecutor.jsp?actionFrom=getResult&query=SELECT%20*%20from%20aaauser;",1.3.6.1.4.1.25623.1.0.813213,"CVE-2018-5337, CVE-2018-5338, CVE-2018-5339, CVE-2018-5341",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,d38e481f-c8ba-4d9f-9aed-15f0bae530cf,"Successful exploitation will allow attackers
 to write arbitrary files, gain access to unrestricted resources and execute
 remote code.","Upgrade to ManageEngine Desktop Central build
 version 10.0.208 or later. For updates refer to Reference links.","Zoho ManageEngine Desktop Central version
 10.0.184 and prior.","Multiple flaws are due to,

 - The missing authentication/authorization on a database query mechanism.

 - An insufficient enforcement of database query type restrictions.

 - The missing server side check on file type/extension when uploading and
 modifying scripts and

 - The directory traversal in SCRIPT_NAME field when modifying existing
 scripts","Send the crafted HTTP GET request and
 confirm SQL query execution from the response.
Details:
ZOHO ManageEngine Desktop Central Multiple Vulnerabilities-Apr18
(OID: 1.3.6.1.4.1.25623.1.0.813213)
Version used: $Revision: 12116 $
","Product: cpe:/a:zohocorp:manageengine_desktop_central:91084
Method: ManageEngine Desktop Central MSP Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.805717)
","","","https://www.manageengine.com, https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central"
10.10.0.4,METASPLOITABLE3,8585,tcp,7.1,High,"VendorFix","PHP Denial of Service Vulnerability - 01 - Jul16 (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.5.28",1.3.6.1.4.1.25623.1.0.808612,"CVE-2015-8878",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f8c6eb9e-2048-4170-a2f2-2e3b6bf441a4,"Successfully exploiting this issue allow remote
 attackers to cause a denial of service (race condition and heap memory corruption)
 by leveraging an application that performs many temporary-file accesses.","Upgrade to PHP version 5.5.28, or 5.6.12,
 or later. ","PHP versions prior to 5.5.28 and 5.6.x
 before 5.6.12 on Windows","The flaw is due to script
 'main/php_open_temporary_file.c' does not ensure thread safety.","Checks if a vulnerable version is present on the target host.
Details:
PHP Denial of Service Vulnerability - 01 - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808612)
Version used: $Revision: 11811 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","90837","","http://www.php.net/ChangeLog-5.php, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP Multiple Denial of Service Vulnerabilities - 01 - Dec15 (Windows)","This host is installed with PHP and is prone
 to multiple denial of service vulnerabilities.","Installed Version: 5.3.10
Fixed Version: 5.5.30",1.3.6.1.4.1.25623.1.0.806648,"CVE-2015-7804, CVE-2015-7803",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7e4106f5-6989-4b76-82a3-c3ba48ead19a,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (NULL pointer dereference and
 application crash).","Upgrade to PHP 5.5.30 or 5.6.14 or
 later.","PHP versions before 5.5.30 and 5.6.x
 before 5.6.14","Multiple flaws are due to,

 - An Off-by-one error in the 'phar_parse_zipfile' function within ext/phar/zip.c
 script.

 - An error in the 'phar_get_entry_data' function in ext/phar/util.c script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Denial of Service Vulnerabilities - 01 - Dec15 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.806648)
Version used: $Revision: 11872 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","76959","CB-K16/0944, CB-K16/0912, CB-K16/0623, CB-K16/0422, CB-K16/0161, CB-K16/0136, CB-K15/1792, CB-K15/1453, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0676, DFN-CERT-2016-0460, DFN-CERT-2016-0176, DFN-CERT-2016-0154, DFN-CERT-2015-1898, DFN-CERT-2015-1530","http://www.php.net/ChangeLog-5.php, https://bugs.php.net/bug.php?id=70433, http://www.openwall.com/lists/oss-security/2015/10/05/8"
10.10.0.4,METASPLOITABLE3,8484,tcp,6.8,Medium,"VendorFix","Jenkins CSRF Protection Delay Vulnerability (Windows)","A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization.","Installed version: 1.637
Fixed version: 2.95",1.3.6.1.4.1.25623.1.0.112197,"CVE-2017-1000504",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b5054d0d-98af-4229-a61e-932a3566107a,"Successfully exploiting this issue would reduce the system security severely.","Upgrade to Jenkins weekly to 2.95 or later / Jenkins LTS to 2.89.2 or
 later.","Jenkins LTS 2.89.1, Jenkins weekly up to and including 2.94.","There's a very short window of time after startup during which Jenkins may no longer show the
'Please wait while Jenkins is getting ready to work' message, but Cross-Site Request Forgery (CSRF) protection may not yet be effective.","Checks if a vulnerable version is present on the target host.
Details:
Jenkins CSRF Protection Delay Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112197)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2017-12-14/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","WordPress < 4.7.1 Multiple Security Vulnerabilities (Windows)","This host is running WordPress and is prone
 to multiple security vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.7.1",1.3.6.1.4.1.25623.1.0.108047,"CVE-2017-5493, CVE-2017-5492, CVE-2017-5491, CVE-2017-5490, CVE-2017-5489, CVE-2017-5488, CVE-2017-5487, CVE-2016-10066",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,36c66fdc-474a-4fb6-a152-6a8a24aa5e3a,"Successfully exploiting this issue allow
 remote attacker to e.g. obtain sensitive information or inject arbitrary web script or HTML.","Upgrade to WordPress version 4.7.1.","WordPress versions 4.7 and earlier on Windows.","Multiple flaws are due to:

 - Cross-site scripting (XSS) via the plugin name or version header on update-core.php

 - Cross-site request forgery (CSRF) bypass via uploading a Flash file

 - Cross-site scripting (XSS) via theme name fallback

 - Post via email checks mail.example.com if default settings are not changed

 - Cross-site request forgery (CSRF) in the accessibility mode of widget editing

 - Weak cryptographic security for multisite activation key","Checks if a vulnerable version is present on the target host.
Details:
WordPress < 4.7.1 Multiple Security Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108047)
Version used: $Revision: 11874 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K17/0060, DFN-CERT-2017-0193, DFN-CERT-2017-0056","https://wpvulndb.com/wordpresses/47, https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP XML Entity Expansion And XML External Entity Vulnerabilities (Windows)","This host is installed with PHP and is prone
 to XML entity expansion and XML external entity vulnerabilities","Installed version: 5.3.10
Fixed version: 5.5.22",1.3.6.1.4.1.25623.1.0.808614,"CVE-2015-8866",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e04f4bda-b88b-4612-95d5-7f73c58be291,"Successfully exploiting this issue allow
 remote attackers to conduct XML External Entity (XXE) and XML Entity
 Expansion (XEE) attacks.","Upgrade to PHP version 5.5.22, or 5.6.6,
 or later. ","PHP versions prior to 5.5.22 and 5.6.x
 before 5.6.6 on Windows","The flaw is due to script 'ext/libxml/libxml.c'
 does not isolate each thread from 'libxml_disable_entity_loader' when
 PHP-FPM is used.","Checks if a vulnerable version is present on the target host.
Details:
PHP XML Entity Expansion And XML External Entity Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808614)
Version used: $Revision: 11811 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","87470","CB-K18/0028, CB-K16/1776, CB-K16/0944, CB-K16/0912, CB-K16/0705, CB-K16/0614, DFN-CERT-2018-0010, DFN-CERT-2016-1882, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0764, DFN-CERT-2016-0659","http://www.php.net/ChangeLog-5.php, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","WordPress < 4.7.5 Multiple Security Vulnerabilities (Win)","WordPress is prone to the following security vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.7.5",1.3.6.1.4.1.25623.1.0.107200,"CVE-2017-9061, CVE-2017-9062, CVE-2017-9063, CVE-2017-9064, CVE-2017-9065, CVE-2017-9066",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,768302a5-7f5e-4bfa-8e08-97eccaa922a9,"An attacker may leverage these issues to execute HTML and script
 code in the browser of an unsuspecting user in the context of the affected site, perform certain
 unauthorized actions actions, or bypass certain security restrictions.","Update to 4.7.5.","WordPress prior to 4.7.5 versions are vulnerable","WordPress is prone to the following security vulnerabilities:

 1. An open-redirect vulnerability

 2. Multiple security-bypass vulnerabilities

 3. Multiple cross-site scripting vulnerabilities

 4. A cross-site request-forgery vulnerability","Checks if a vulnerable version is present on the target host.
Details:
WordPress < 4.7.5 Multiple Security Vulnerabilities (Win)
(OID: 1.3.6.1.4.1.25623.1.0.107200)
Version used: $Revision: 11863 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K18/0122, CB-K17/0831, DFN-CERT-2018-0126, DFN-CERT-2017-0859","http://www.securityfocus.com/bid/98509"
152410.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","WampServer < 3.1.3 CSRF Vulnerability","WampServer is prone to a cross site request forgery (CSRF) vulnerability.","Installed version: 2.2
1525Fixed version: 3.1.3",1.3.6.1.4.1.25623.1.0.140891,"CVE-2018-8817",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7b6bc9b5-39b2-42ab-975a-291721dda362,"","Update to version 3.1.3 or later.","WampServer 3.1.2 and prior.","","Checks if a vulnerable version is present on the target host.
1526Details:
1527WampServer < 3.1.3 CSRF Vulnerability
1528(OID: 1.3.6.1.4.1.25623.1.0.140891)
1529Version used: $Revision: 12116 $
1530","Product: cpe:/a:wampserver:wampserver:2.2
1531Method: WampServer Version Detection
1532(OID: 1.3.6.1.4.1.25623.1.0.800297)
1533","","","http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage%3D6%23msg-150722"
153410.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP PHP-FPM Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone
1535 to denial of service vulnerability.","Installed version: 5.3.10
1536Fixed version: 7.1.20
1537Installation
1538path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.812519,"CVE-2015-9253",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7f149e02-9a3b-4fcf-b84e-5b55ab1e7e04,"Successfully exploitation will allow an
1539 attackers to consume 100% of the CPU, and consume disk space with a large
1540 volume of error logs, as demonstrated by an attack by a customer of a
1541 shared-hosting facility.","Update to PHP 7.1.20, 7.2.8 or 7.3.0alpha3.","PHP versions 5.x up to and including 5.6.36. All 7.0.x versions,
1542 7.1.x before 7.1.20, 7.2.x before 7.2.8 and 7.3.x before 7.3.0alpha3 on Windows.","The flaw exist due to the php-fpm master
1543 process restarts a child process in an endless loop when using program
1544 execution functions with a non-blocking STDIN stream.","Checks if a vulnerable version is present on the target host.
1545Details:
1546PHP 'PHP-FPM' Denial of Service Vulnerability (Windows)
1547(OID: 1.3.6.1.4.1.25623.1.0.812519)
1548Version used: $Revision: 12762 $
1549","Product: cpe:/a:php:php:5.3.10
1550Method: PHP Version Detection (Remote)
1551(OID: 1.3.6.1.4.1.25623.1.0.800109)
1552","","DFN-CERT-2018-1882","https://bugs.php.net/bug.php?id=73342, https://bugs.php.net/bug.php?id=70185, https://github.com/php/php-src/pull/3287, https://www.futureweb.at/security/CVE-2015-9253, https://vuldb.com//?id.113566"
155310.10.0.4,METASPLOITABLE3,8282,tcp,6.8,Medium,"VendorFix","Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)","This host is installed with Apache Tomcat
1554 and is prone to information disclosure vulnerability.","Installed version: 8.0.33
1555Fixed version: 8.0.39",1.3.6.1.4.1.25623.1.0.810717,"CVE-2016-6816",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f96e856f-e61d-4b6f-bbad-a8fe3b6bb4c3,"Successful exploitation will allows remote
1556 attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive
1557 information from requests other then their own.","Upgrade to version 9.0.0.M13,
1558 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.","Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,
1559 Apache Tomcat versions 8.5.0 to 8.5.6,
1560 Apache Tomcat versions 8.0.0.RC1 to 8.0.38,
1561 Apache Tomcat versions 7.0.0 to 7.0.72, and
1562 Apache Tomcat versions 6.0.0 to 6.0.47 on Windows.","The code that parsed the HTTP request line
1563 permitted invalid characters. This could be exploited, in conjunction with a
1564 proxy that also permitted the invalid characters but with a different
1565 interpretation, to inject data into the HTTP response.","Checks if a vulnerable version is present on the target host.
1566Details:
1567Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Window...
1568(OID: 1.3.6.1.4.1.25623.1.0.810717)
1569Version used: $Revision: 11959 $
1570","Product: cpe:/a:apache:tomcat:8.0.33
1571Method: Apache Tomcat Version Detection
1572(OID: 1.3.6.1.4.1.25623.1.0.800371)
1573","94461","CB-K17/1746, CB-K17/1060, CB-K17/1033, CB-K17/0444, CB-K17/0397, CB-K17/0198, CB-K17/0133, CB-K17/0090, CB-K16/1976, CB-K16/1927, CB-K16/1815, DFN-CERT-2017-1822, DFN-CERT-2017-1095, DFN-CERT-2017-1068, DFN-CERT-2017-0456, DFN-CERT-2017-0404, DFN-CERT-2017-0203, DFN-CERT-2017-0137, DFN-CERT-2017-0095, DFN-CERT-2016-2090, DFN-CERT-2016-2035, DFN-CERT-2016-1922","https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48, https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73, https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39, https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8, https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13, https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure, http://tomcat.apache.org"
157410.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP Multiple Vulnerabilities May18 (Windows)","The host is installed with php and is prone
1575 to multiple vulnerabilities.","Installed version: 5.3.10
1576Fixed version: 5.6.36
1577Installation
1578path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.813159,"CVE-2018-10549, CVE-2018-10546, CVE-2018-10548, CVE-2018-10547",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,8fb96af8-a422-4001-8f4d-74dad9326212,"Successful exploitation will allow an attacker
1579 to conduct XSS attacks, crash PHP, conduct denial-of-service condition and
1580 execute arbitrary code in the context of the affected application.","Upgrade to version 7.2.5 or 7.0.30 or
1581 5.6.36 or 7.1.17 or later. For updates refer to Reference links.","PHP versions prior to 5.6.36,
1582
1583 PHP versions 7.2.x prior to 7.2.5,
1584
1585 PHP versions 7.0.x prior to 7.0.30,
1586
1587 PHP versions 7.1.x prior to 7.1.17 on Windows.","Multiple flaws exists due to
1588
1589 - An out of bounds read error in 'exif_read_data' function while processing
1590 crafted JPG data.
1591
1592 - An error in stream filter 'convert.iconv' which leads to infinite loop on
1593 invalid sequence.
1594
1595 - An error in the LDAP module of PHP which allows a malicious LDAP server or
1596 man-in-the-middle attacker to crash PHP.
1597
1598 - An error in the 'phar_do_404()' function in 'ext/phar/phar_object.c' script
1599 which returns parts of the request unfiltered, leading to another XSS vector.
1600 This is due to incomplete fix for CVE-2018-5712.","Checks if a vulnerable version is present on the target host.
1601Details:
1602PHP Multiple Vulnerabilities May18 (Windows)
1603(OID: 1.3.6.1.4.1.25623.1.0.813159)
1604Version used: $Revision: 12120 $
1605","Product: cpe:/a:php:php:5.3.10
1606Method: PHP Version Detection (Remote)
1607(OID: 1.3.6.1.4.1.25623.1.0.800109)
1608","","CB-K18/0633, DFN-CERT-2018-1232, DFN-CERT-2018-0920, DFN-CERT-2018-0877","http://www.php.net/ChangeLog-5.php#5.6.36, http://www.php.net/ChangeLog-7.php#7.0.30, http://www.php.net/ChangeLog-7.php#7.1.17, http://www.php.net/ChangeLog-7.php#7.2.5"
160910.10.0.4,METASPLOITABLE3,8282,tcp,6.8,Medium,"Mitigation","Apache Tomcat servlet/JSP container default files","The Apache Tomcat servlet/JSP container has default files installed.","The following default files were found :
1610http://10.10.0.4:8282/examples/servlets/index.html
1611http://10.10.0.4:8282/examples/jsp/snp/snoop.jsp
1612http://10.10.0.4:8282/examples/jsp/index.html",1.3.6.1.4.1.25623.1.0.12085,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,00dd7894-87e6-4309-87c2-16a5d094d774,"These files should be removed as they may help an attacker to guess the
1613 exact version of the Apache Tomcat which is running on this host and may
1614 provide other useful information.","Remove default files, example JSPs and Servlets from the Tomcat
1615 Servlet/JSP container.","","Default files, such as documentation, default Servlets and JSPs were found on
1616 the Apache Tomcat servlet/JSP container.","
1617Details:
1618Apache Tomcat servlet/JSP container default files
1619(OID: 1.3.6.1.4.1.25623.1.0.12085)
1620Version used: $Revision: 4355 $
1621","Product: cpe:/a:apache:tomcat:8.0.33
1622Method: Apache Tomcat Version Detection
1623(OID: 1.3.6.1.4.1.25623.1.0.800371)
1624","","",""
162510.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP Sessions Subsystem Session Fixation Vulnerability - Aug13 (Windows)","This host is running PHP and is prone to session fixation vulnerability.","Installed version: 5.3.10
1626Fixed version: 5.5.2",1.3.6.1.4.1.25623.1.0.803737,"CVE-2011-4718",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f8f8786e-9255-45e8-a6ff-cec9ee99a401,"Successful exploitation will allow attackers to hijack web sessions by
1627 specifying a session ID.","Upgrade to PHP version 5.5.2 or later.","PHP version prior to 5.5.2 on Windows.","PHP contains an unspecified flaw in the Sessions subsystem.","Checks if a vulnerable version is present on the target host.
1628Details:
1629PHP Sessions Subsystem Session Fixation Vulnerability - Aug13 (Windows)
1630(OID: 1.3.6.1.4.1.25623.1.0.803737)
1631Version used: $Revision: 11865 $
1632","Product: cpe:/a:php:php:5.3.10
1633Method: PHP Version Detection (Remote)
1634(OID: 1.3.6.1.4.1.25623.1.0.800109)
1635","","DFN-CERT-2013-1538","http://secunia.com/advisories/54562, http://cxsecurity.com/cveshow/CVE-2011-4718, http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f, http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde, http://php.net"
163610.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP Multiple Vulnerabilities - Dec19 (Windows)","This host is installed with PHP and is prone
1637 to multiple security vulnerabilities.","Installed version: 5.3.10
1638Fixed version: 5.6.39
1639Installation
1640path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.108508,"CVE-2018-19518",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,bc9495bc-95f1-4eaf-9bdf-909465b80685,"Successful exploitation will allow remote
1641 attackers to execute remote code on affected application/system.","Update to version 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0 or later.","PHP versions 5.x before 5.6.39, 7.0.x before 7.0.33, 7.1.x before 7.1.25
1642 and 7.2.x before 7.2.13.","The flaws exist due to,
1643
1644 - the imap_open functions which allows to run arbitrary shell commands via mailbox parameter.
1645
1646 - a Heap Buffer Overflow (READ: 4) in phar_parse_pharfile.","Checks if a vulnerable version is present on the target host.
1647Details:
1648PHP Multiple Vulnerabilities - Dec19 (Windows)
1649(OID: 1.3.6.1.4.1.25623.1.0.108508)
1650Version used: $Revision: 12752 $
1651","Product: cpe:/a:php:php:5.3.10
1652Method: PHP Version Detection (Remote)
1653(OID: 1.3.6.1.4.1.25623.1.0.800109)
1654","106018","CB-K18/1118, DFN-CERT-2018-2488, DFN-CERT-2018-2476","https://bugs.php.net/bug.php?id=76428, https://bugs.php.net/bug.php?id=77153, https://bugs.php.net/bug.php?id=77160, http://www.securityfocus.com/bid/106018, https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php, https://www.exploit-db.com/exploits/45914/, https://www.openwall.com/lists/oss-security/2018/11/22/3"
165510.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP XML Handling Heap Buffer Overflow Vulnerability - Jul13 (Windows)","This host is running PHP and is prone to heap based buffer overflow
1656 vulnerability.","Installed version: 5.3.10
1657Fixed version: 5.3.27",1.3.6.1.4.1.25623.1.0.803729,"CVE-2013-4113",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e506cc31-9178-48f4-9d90-0f51aa655a33,"Successful exploitation will allow attackers to cause a heap-based buffer
1658 overflow, resulting in a denial of service or potentially allowing the
1659 execution of arbitrary code.","Upgrade to PHP version 5.3.27 or later.","PHP version prior to 5.3.27","The flaw is triggered as user-supplied input is not properly validated when
1660 handling malformed XML input.","Checks if a vulnerable version is present on the target host.
1661Details:
1662PHP XML Handling Heap Buffer Overflow Vulnerability - Jul13 (Windows)
1663(OID: 1.3.6.1.4.1.25623.1.0.803729)
1664Version used: $Revision: 11865 $
1665","Product: cpe:/a:php:php:5.3.10
1666Method: PHP Version Detection (Remote)
1667(OID: 1.3.6.1.4.1.25623.1.0.800109)
1668","61128","CB-K17/1176, CB-K15/0689, CB-K14/0231, CB-K13/0802, DFN-CERT-2017-1209, DFN-CERT-2015-0724, DFN-CERT-2013-1494, DFN-CERT-2013-1450, DFN-CERT-2013-1446, DFN-CERT-2013-1445, DFN-CERT-2013-1444, DFN-CERT-2013-1392, DFN-CERT-2013-1347, DFN-CERT-2013-1331, DFN-CERT-2013-1316, DFN-CERT-2013-1315, DFN-CERT-2013-1299","http://php.net/ChangeLog-5.php, https://bugs.php.net/bug.php?id=65236, http://seclists.org/oss-sec/2013/q3/88, http://seclists.org/bugtraq/2013/Jul/106"
166910.10.0.4,METASPLOITABLE3,8585,tcp,6.8,Medium,"VendorFix","PHP Denial of Service And Unspecified Vulnerabilities - 02 - Jul16 (Windows)","This host is installed with PHP and is prone
1670 to denial of service and unspecified Vulnerabilities","Installed version: 5.3.10
1671Fixed version: 5.6.18",1.3.6.1.4.1.25623.1.0.808608,"CVE-2016-4343",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,53719df8-d196-4236-8bcc-4425c14aa160,"Successfully exploiting this issue allow
1672 remote attackers to cause a denial of service (heap memory corruption) or
1673 possibly have unspecified other impact.","Upgrade to PHP version 5.6.18, or 7.0.3,
1674 or later.","PHP versions prior to 5.6.18 and 7.x before
1675 7.0.3 on Windows","The flaw is due an improper handling of
1676 zero-size '././@LongLink' files by 'phar_make_dirstream' function in
1677 ext/phar/dirstream.c script.","Checks if a vulnerable version is present on the target host.
1678Details:
1679PHP Denial of Service And Unspecified Vulnerabilities - 02 - Jul16 (Windows)
1680(OID: 1.3.6.1.4.1.25623.1.0.808608)
1681Version used: $Revision: 11903 $
1682","Product: cpe:/a:php:php:5.3.10
1683Method: PHP Version Detection (Remote)
1684(OID: 1.3.6.1.4.1.25623.1.0.800109)
1685","89179","CB-K16/1776, CB-K16/0796, CB-K16/0779, CB-K16/0760, DFN-CERT-2016-1882, DFN-CERT-2016-0847, DFN-CERT-2016-0835, DFN-CERT-2016-0814","http://www.php.net/ChangeLog-5.php, http://www.openwall.com/lists/oss-security/2016/04/28/2"
168610.10.0.4,METASPLOITABLE3,8282,tcp,6.8,Medium,"VendorFix","Apache Struts REST Plugin With XStream Handler RCE Vulnerability","This host is running Apache Struts and is
1687 prone to remote code execution vulnerability.","It was possible to execute command remotely at http://10.10.0.4:8282/struts2-rest-showcase/orders/3 with the command '<string>ping</string><string>-n</string><string>3</string><string>10.10.0.16</string>'.",1.3.6.1.4.1.25623.1.0.811730,"CVE-2017-9805",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,139f4ebf-28cd-4aa9-a437-b425cb4af2a7,"Successfully exploiting this issue may allow
1688 an attacker to execute arbitrary code in the context of the affected application.
1689 Failed exploit attempts will likely result in denial-of-service conditions.","Upgrade to Apache Struts version 2.5.13
1690 or 2.3.34 or later.","Apache Struts versions 2.5 through 2.5.12,
1691 2.1.2 through 2.3.33.","The flaw exists within the REST plugin which
1692 is using a XStreamHandler with an instance of XStream for deserialization
1693 without any type filtering.","Send a crafted HTTP POST request and check
1694 whether we are able to execute arbitrary code or not.
1695Details:
1696Apache Struts 'REST Plugin With XStream Handler' RCE Vulnerability
1697(OID: 1.3.6.1.4.1.25623.1.0.811730)
1698Version used: $Revision: 11874 $
1699","","100609","CB-K17/1612, CB-K17/1489, DFN-CERT-2017-1688, DFN-CERT-2017-1554","https://struts.apache.org/docs/s2-052.html, http://struts.apache.org"
170010.10.0.4,METASPLOITABLE3,8022,tcp,6.8,Medium,"VendorFix","Apache Struts REST Plugin With XStream Handler RCE Vulnerability","This host is running Apache Struts and is
1701 prone to remote code execution vulnerability.","It was possible to execute command remotely at http://10.10.0.4:8022/struts2-rest-showcase/orders/3 with the command '<string>ping</string><string>-n</string><string>3</string><string>10.10.0.16</string>'.",1.3.6.1.4.1.25623.1.0.811730,"CVE-2017-9805",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,93ebf587-fbc2-4188-a501-4dbf978b5165,"Successfully exploiting this issue may allow
1702 an attacker to execute arbitrary code in the context of the affected application.
1703 Failed exploit attempts will likely result in denial-of-service conditions.","Upgrade to Apache Struts version 2.5.13
1704 or 2.3.34 or later.","Apache Struts versions 2.5 through 2.5.12,
1705 2.1.2 through 2.3.33.","The flaw exists within the REST plugin which
1706 is using a XStreamHandler with an instance of XStream for deserialization
1707 without any type filtering.","Send a crafted HTTP POST request and check
1708 whether we are able to execute arbitrary code or not.
1709Details:
1710Apache Struts 'REST Plugin With XStream Handler' RCE Vulnerability
1711(OID: 1.3.6.1.4.1.25623.1.0.811730)
1712Version used: $Revision: 11874 $
1713","","100609","CB-K17/1612, CB-K17/1489, DFN-CERT-2017-1688, DFN-CERT-2017-1554","https://struts.apache.org/docs/s2-052.html, http://struts.apache.org"
171410.10.0.4,METASPLOITABLE3,8020,tcp,6.8,Medium,"VendorFix","Apache Struts REST Plugin With XStream Handler RCE Vulnerability","This host is running Apache Struts and is
1715 prone to remote code execution vulnerability.","It was possible to execute command remotely at http://10.10.0.4:8020/struts2-rest-showcase/orders/3 with the command '<string>ping</string><string>-n</string><string>3</string><string>10.10.0.16</string>'.",1.3.6.1.4.1.25623.1.0.811730,"CVE-2017-9805",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2917b389-0997-4c76-bf13-9238aa8f10be,"Successfully exploiting this issue may allow
1716 an attacker to execute arbitrary code in the context of the affected application.
1717 Failed exploit attempts will likely result in denial-of-service conditions.","Upgrade to Apache Struts version 2.5.13
1718 or 2.3.34 or later.","Apache Struts versions 2.5 through 2.5.12,
1719 2.1.2 through 2.3.33.","The flaw exists within the REST plugin which
1720 is using a XStreamHandler with an instance of XStream for deserialization
1721 without any type filtering.","Send a crafted HTTP POST request and check
1722 whether we are able to execute arbitrary code or not.
1723Details:
1724Apache Struts 'REST Plugin With XStream Handler' RCE Vulnerability
1725(OID: 1.3.6.1.4.1.25623.1.0.811730)
1726Version used: $Revision: 11874 $
1727","","100609","CB-K17/1612, CB-K17/1489, DFN-CERT-2017-1688, DFN-CERT-2017-1554","https://struts.apache.org/docs/s2-052.html, http://struts.apache.org"
172810.10.0.4,METASPLOITABLE3,9200,tcp,6.8,Medium,"VendorFix","Elastisearch Remote Code Execution Vulnerability","Elasticsearch is prone to a remote-code-execution vulnerability.","Vulnerable url: http://10.10.0.4:9200/_search?source=%7B%22size%22%3A1%2C%22query%22%3A%7B%22filtered%22%3A%7B%22query%22%3A%7B%22match_all%22%3A%7B%7D%7D%7D%7D%2C%22script_fields%22%3A%7B%22OpenVAS%22%3A%7B%22script%22%3A%22import%20java.util.*%3B%5Cnimport%20java.io.*%3B%5Cnnew%20Scanner(new%20File(%5C%22%2Fwindows%2Fwin.ini%5C%22)).useDelimiter(%5C%22%5C%5C%5C%5CZ%5C%22).next()%3B%22%7D%7D%7D&callback=?",1.3.6.1.4.1.25623.1.0.105032,"CVE-2014-3120",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a4dd3d36-57d7-4d6c-b1e8-68787397c778,"An attacker can exploit this issue to execute arbitrary code","Ask the vendor for an update or disable 'dynamic scripting'","Elasticsearch < 1.2","Elasticsearch has a flaw in its default configuration which makes
1729 it possible for any webpage to execute arbitrary code on visitors with Elasticsearch installed.","Send a special crafted HTTP GET request and check the response
1730Details:
1731Elastisearch Remote Code Execution Vulnerability
1732(OID: 1.3.6.1.4.1.25623.1.0.105032)
1733Version used: $Revision: 10833 $
1734","Product: cpe:/a:elasticsearch:elasticsearch:1.1.1
1735Method: Elasticsearch and Logstash Detection
1736(OID: 1.3.6.1.4.1.25623.1.0.105031)
1737","","CB-K14/1131, DFN-CERT-2014-1188","http://bouk.co/blog/elasticsearch-rce/"
173810.10.0.4,METASPLOITABLE3,8585,tcp,6.5,Medium,"VendorFix","WordPress < 4.9.1 Multiple Vulnerabilities (Windows)","WordPress prior to 4.9.1 is prone to multiple vulnerabilities.","Installed version: 4.6.1
1739Fixed version: 4.9.1",1.3.6.1.4.1.25623.1.0.112147,"CVE-2017-17091, CVE-2017-17092, CVE-2017-17093, CVE-2017-17094",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f122513a-51f9-49bd-9d10-029ce7b65db2,"An attacker may leverage these issues to bypass access restrictions or conduct XSS via specific vectors.","Update to WordPress 4.9.1 or later.","WordPress prior to version 4.9.1.","WordPress before 4.9.1 is prone to the following security vulnerabilities:
1740
1741 - wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID,
1742which allows remote attackers to bypass intended access restrictions by entering this string. (CVE-2017-17091)
1743
1744 - wp-includes/functions.php does not require the unfiltered_html capability for upload of .js files,
1745which might allow remote attackers to conduct XSS attacks via a crafted file. (CVE-2017-17092)
1746
1747 - wp-includes/general-template.php does not properly restrict the lang attribute of an HTML element,
1748which might allow attackers to conduct XSS attacks via the language setting of a site. (CVE-2017-17093)
1749
1750 - wp-includes/feed.php does not properly restrict enclosures in RSS and Atom fields,
1751which might allow attackers to conduct XSS attacks via a crafted URL. (CVE-2017-17094)","Checks if a vulnerable version is present on the target host.
1752Details:
1753WordPress < 4.9.1 Multiple Vulnerabilities (Windows)
1754(OID: 1.3.6.1.4.1.25623.1.0.112147)
1755Version used: $Revision: 11983 $
1756","Product: cpe:/a:wordpress:wordpress:4.6.1
1757Method: WordPress Version Detection
1758(OID: 1.3.6.1.4.1.25623.1.0.900182)
1759","","CB-K18/0122, DFN-CERT-2018-0126","https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/, https://codex.wordpress.org/Version_4.9.1"
176010.10.0.4,METASPLOITABLE3,8585,tcp,6.5,Medium,"VendorFix","WordPress Arbitrary File Deletion Vulnerability-June 2018 (Windows)","This host is running WordPress and is prone
1761 to arbitrary file deletion vulnerability.","Installed version: 4.6.1
1762Fixed version: 4.9.7
1763Installation
1764path / port: /wordpress",1.3.6.1.4.1.25623.1.0.813454,"CVE-2018-12895",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,416bde68-c6ea-48c7-8114-6fcb4cd0e3e7,"Successful exploitation will allow remote
1765 attackers to delete any file of the wordPress installation and any other file
1766 on the server on which the PHP process user has the proper permissions to delete.
1767 Also capability of arbitrary file deletion can be used to circumvent some
1768 security measures and execute arbitrary code on the webserver.","Update to version 4.9.7.","All wordPress versions through version 4.9.6
1769 on Windows","The flaw exists due to an insufficient
1770 sanitization of user input data in the 'wp-includes/post.php' script before
1771 passing on to a file deletion function.","Checks if a vulnerable version is present on the target host.
1772Details:
1773WordPress Arbitrary File Deletion Vulnerability-June 2018 (Windows)
1774(OID: 1.3.6.1.4.1.25623.1.0.813454)
1775Version used: $Revision: 12116 $
1776","Product: cpe:/a:wordpress:wordpress:4.6.1
1777Method: WordPress Version Detection
1778(OID: 1.3.6.1.4.1.25623.1.0.900182)
1779","","DFN-CERT-2018-1483, DFN-CERT-2018-1314","https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution, https://wordpress.org/download, https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/"
178010.10.0.4,METASPLOITABLE3,8585,tcp,6.5,Medium,"NoneAvailable","Wordpress PHP File Upload Vulnerability August 18 (Windows)","This host is running WordPress and is prone
1781 to PHP file upload vulnerability.","Installed version: 4.6.1
1782Fixed version: NoneAvailable
1783Installation
1784path / port: /wordpress",1.3.6.1.4.1.25623.1.0.813910,"CVE-2018-14028",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,243f1033-a278-45c8-9338-60102e08cf10,"Successful exploitation will allow remote
1785 attackers to upload php files in a predictable wp-content/uploads location and
1786 execute them.","No known solution is available as of 07th January, 2019.
1787 Information regarding this issue will be updated once solution details are available.","All wordpress versions through 4.9.8 on Windows","The flaw exists as the plugins uploaded via
1788 the admin area are not verified as being ZIP files.","Checks if a vulnerable version is present on the target host.
1789Details:
1790Wordpress PHP File Upload Vulnerability August 18 (Windows)
1791(OID: 1.3.6.1.4.1.25623.1.0.813910)
1792Version used: $Revision: 12956 $
1793","Product: cpe:/a:wordpress:wordpress:4.6.1
1794Method: WordPress Version Detection
1795(OID: 1.3.6.1.4.1.25623.1.0.900182)
1796","","","https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress, https://core.trac.wordpress.org/ticket/44710, https://github.com/rastating/wordpress-exploit-framework/pull/52, https://wordpress.org"
179710.10.0.4,METASPLOITABLE3,8585,tcp,6.4,Medium,"VendorFix","Apache HTTP Server mod_auth_digest Multiple Vulnerabilities (Windows)","This host is running Apache HTTP Server
1798 and is prone to multiple vulnerabilities.","Installed version: 2.2.21
1799Fixed version: 2.2.34",1.3.6.1.4.1.25623.1.0.811236,"CVE-2017-9788",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,8fe960ec-d29a-4437-888a-08b6a6d9519d,"Successful exploitation will allow remote
1800 attackers to cause the target service to crash. A remote user can obtain
1801 potentially sensitive information as well on the target system.","Upgrade to Apache HTTP Server 2.2.34 or 2.4.27
1802 or later.","Apache HTTP Server 2.2.x before 2.2.34 and
1803 2.4.x before 2.4.27 on Windows.","The flaw exists due to error in Apache
1804 'mod_auth_digest' which does not properly initialize memory used to process
1805 'Digest' type HTTP Authorization headers.","Checks if a vulnerable version is present on the target host.
1806Details:
1807Apache HTTP Server 'mod_auth_digest' Multiple Vulnerabilities (Windows)
1808(OID: 1.3.6.1.4.1.25623.1.0.811236)
1809Version used: $Revision: 11863 $
1810","Product: cpe:/a:apache:http_server:2.2.21
1811Method: Apache Web Server Detection
1812(OID: 1.3.6.1.4.1.25623.1.0.900498)
1813","99569","CB-K18/0066, CB-K17/2013, CB-K17/1980, CB-K17/1936, CB-K17/1871, CB-K17/1854, CB-K17/1842, CB-K17/1768, CB-K17/1747, CB-K17/1622, CB-K17/1558, CB-K17/1382, CB-K17/1197, CB-K17/1177, CB-K17/1023, DFN-CERT-2018-0077, DFN-CERT-2017-2104, DFN-CERT-2017-2070, DFN-CERT-2017-2021, DFN-CERT-2017-1954, DFN-CERT-2017-1926, DFN-CERT-2017-1925, DFN-CERT-2017-1843, DFN-CERT-2017-1828, DFN-CERT-2017-1692, DFN-CERT-2017-1626, DFN-CERT-2017-1443, DFN-CERT-2017-1240, DFN-CERT-2017-1217, DFN-CERT-2017-1058","http://www.securitytracker.com/id/1038906, http://httpd.apache.org/security/vulnerabilities_22.html, http://httpd.apache.org/security/vulnerabilities_24.html, https://httpd.apache.org"
181410.10.0.4,METASPLOITABLE3,8585,tcp,6.4,Medium,"VendorFix","PHP make_http_soap_request Information Disclosure Vulnerability (Windows)","This host is installed with PHP and is prone
1815 to denial of service or information disclosure vulnerabilities","Installed version: 5.3.10
1816Fixed version: 5.4.44",1.3.6.1.4.1.25623.1.0.808667,"CVE-2016-3185",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,92c273d4-93a8-4c5b-951a-8af55682095c,"Successfully exploiting this issue allow
1817 remote attackers to obtain sensitive information from process memory or
1818 cause a denial of service.","Upgrade to PHP version 5.4.44,
1819 or 5.5.28, or 5.6.12, or 7.0.4, or later.","PHP versions prior to 5.4.44, 5.5.x before
1820 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 on Windows","The flaw is due an error in the
1821 'make_http_soap_request' function in 'ext/soap/php_http.c' script.","Checks if a vulnerable version is present on the target host.
1822Details:
1823PHP 'make_http_soap_request' Information Disclosure Vulnerability (Windows)
1824(OID: 1.3.6.1.4.1.25623.1.0.808667)
1825Version used: $Revision: 12338 $
1826","Product: cpe:/a:php:php:5.3.10
1827Method: PHP Version Detection (Remote)
1828(OID: 1.3.6.1.4.1.25623.1.0.800109)
1829","","CB-K16/0944, CB-K16/0912, CB-K16/0623, CB-K16/0614, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0676, DFN-CERT-2016-0659","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.4,Medium,"VendorFix","PHP Out of Bounds Read Memory Corruption Vulnerability - 01 - Mar16 (Windows)","This host is installed with PHP and is prone
 to out-of-bounds read memory corruption vulnerability.","Installed version: 5.3.10
Fixed version: 5.5.31",1.3.6.1.4.1.25623.1.0.807089,"CVE-2016-1903",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9a6f18aa-6253-4d08-9e5e-f2e66c5d6e44,"Successfully exploiting this issue allow
 remote attackers to obtain sensitive information or cause a denial-of-service
 condition.","Upgrade to PHP version 5.5.31, or 5.6.17 or
 7.0.2 or later.","PHP versions before 5.5.31, 5.6.x before
 5.6.17, and 7.x before 7.0.2 on Windows","The flaw is due to memory corruption
 vulnerability via a large 'bgd_color' argument to the 'imagerotate' function
 in 'ext/gd/libgd/gd_interpolation.c' script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Out of Bounds Read Memory Corruption Vulnerability - 01 - Mar16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807089)
Version used: $Revision: 11961 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","79916","CB-K16/1776, CB-K16/0614, CB-K16/0161, CB-K16/0136, DFN-CERT-2016-1882, DFN-CERT-2016-0659, DFN-CERT-2016-0176, DFN-CERT-2016-0154","https://bugs.php.net/bug.php?id=70976, http://www.openwall.com/lists/oss-security/2016/01/14/8, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.4,Medium,"VendorFix","PHP phar_parse_pharfile Function Denial of Service Vulnerability - (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.30",1.3.6.1.4.1.25623.1.0.811483,"CVE-2017-11147",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,ed891001-c09d-483f-8aef-28f2ac91bc63,"Successfully exploiting this issue allow
 remote attackers to supply malicious archive files to crash the PHP interpreter or
 potentially disclose information.","Upgrade to PHP version 5.6.30 or 7.0.15,
 or later.","PHP versions before 5.6.30, 7.x before 7.0.15","The flaw exists due to a buffer over-read error
 in the 'phar_parse_pharfile' function in ext/phar/phar.c script.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'phar_parse_pharfile' Function Denial of Service Vulnerability - (Window...
(OID: 1.3.6.1.4.1.25623.1.0.811483)
Version used: $Revision: 11982 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K17/1575, CB-K17/1461, CB-K17/1358, DFN-CERT-2018-0835, DFN-CERT-2017-1647, DFN-CERT-2017-1529, DFN-CERT-2017-1420","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.4,Medium,"VendorFix","PHP EXIF Header Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone to denial of service
 vulnerability.","Installed version: 5.3.10
Fixed version: 5.4.0 beta 4",1.3.6.1.4.1.25623.1.0.802349,"CVE-2011-4566",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2258412e-7c63-4b99-9d96-133b87a0da7e,"Successful exploitation allows remote attackers to execute arbitrary code,
 obtain sensitive information or cause a denial of service.","Upgrade to PHP version 5.4.0 beta 4 or later.","PHP version 5.4.0 beta 2 on Windows.","The flaw is due to an integer overflow error in 'exif_process_IFD_TAG'
 function in the 'ext/exif/exif.c' file, Allows remote attackers to cause
 denial of service via crafted offset_val value in an EXIF header.","
Details:
PHP EXIF Header Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.802349)
Version used: $Revision: 11997 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","DFN-CERT-2013-1494, DFN-CERT-2012-0914, DFN-CERT-2012-0714, DFN-CERT-2012-0586, DFN-CERT-2012-0172, DFN-CERT-2012-0167, DFN-CERT-2012-0165, DFN-CERT-2012-0130, DFN-CERT-2012-0099, DFN-CERT-2012-0070, DFN-CERT-2012-0003","https://bugs.php.net/bug.php?id=60150, http://olex.openlogic.com/wazi/2011/php-5-4-0-medium/, https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4566, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8282,tcp,6.4,Medium,"VendorFix","Apache Tomcat SecurityManager Information Disclosure Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to information disclosure vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.42",1.3.6.1.4.1.25623.1.0.810764,"CVE-2017-5648",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,79316c23-28c6-4f00-bef7-1f7436206d50,"Successful exploitation will allows remote
 attackers to obtain sensitive information from requests other then their own.","Upgrade to version 9.0.0.M18,
 8.5.12, 8.0.42, 7.0.76 or later.","Apache Tomcat versions 9.0.0.M1 to 9.0.0.M17,
 Apache Tomcat versions 8.5.0 to 8.5.11,
 Apache Tomcat versions 8.0.0.RC1 to 8.0.41 and
 Apache Tomcat versions 7.0.0 to 7.0.75 on Windows","A some calls to application listeners
 did not use the appropriate facade object. When running an untrusted
 application under a SecurityManager, it was therefore possible for
 that untrusted application to retain a reference to the request or
 response object and thereby access and/or modify information associated
 with another web application.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat 'SecurityManager' Information Disclosure Vulnerability (Window...
(OID: 1.3.6.1.4.1.25623.1.0.810764)
Version used: $Revision: 11888 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","","CB-K18/0047, CB-K17/1257, CB-K17/1246, CB-K17/1060, CB-K17/0801, CB-K17/0604, DFN-CERT-2018-0051, DFN-CERT-2017-1300, DFN-CERT-2017-1288, DFN-CERT-2017-1095, DFN-CERT-2017-0828, DFN-CERT-2017-0624","http://tomcat.apache.org/security-9.html, http://tomcat.apache.org/security-8.html, http://tomcat.apache.org/security-7.html, ://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"
10.10.0.4,METASPLOITABLE3,8282,tcp,6.4,Medium,"WillNotFix","Apache Axis2 1.6.2 Multiple Vulnerabilities","Apache Axis2 is prone to:

 - a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.

 - a security vulnerability involving XML signature wrapping.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.111004,"CVE-2012-5785, CVE-2012-4418, CVE-2012-5351",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,564910e6-1ad7-43a0-a5bf-588b0eea9365,"Successfully exploiting this issues allows attackers to:

 - perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

 - may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified
 and contain arbitrary content. This may aid in further attacks.","No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.","The issue affects versions up to 1.6.2.","","
Details:
Apache Axis2 1.6.2 Multiple Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.111004)
Version used: $Revision: 11872 $
","Product: cpe:/a:apache:axis2:1.6.0
Method: Apache Axis2 Detection
(OID: 1.3.6.1.4.1.25623.1.0.100813)
","56408, 55508","","https://www.securityfocus.com/bid/56408, https://www.securityfocus.com/bid/55508, http://ws.apache.org/axis2/, https://issues.apache.org/jira/browse/AXIS2C-1607"
10.10.0.4,METASPLOITABLE3,8585,tcp,6.4,Medium,"VendorFix","PHP Denial of Service Vulnerability - 02 - Aug16 (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.5.31",1.3.6.1.4.1.25623.1.0.809138,"CVE-2016-5114",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7011769f-eb8f-4474-86aa-c5e7e367b3e7,"Successfully exploiting this issue allow
 attackers to obtain sensitive information from process memory or cause a
 denial of service (out-of-bounds read and buffer overflow) via a long string.","Upgrade to PHP version 5.5.31, or 5.6.17,
 or 7.0.2, or later.","PHP versions before 5.5.31, 5.6.x before
 5.6.17, and 7.x before 7.0.2 on Windows.","The flaw is due to the 'sapi/fpm/fpm/fpm_log.c'
 script misinterprets the semantics of the snprintf return value.","Checks if a vulnerable version is present on the target host.
Details:
PHP Denial of Service Vulnerability - 02 - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809138)
Version used: $Revision: 12096 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","81808","CB-K16/1776, CB-K16/1179, CB-K16/0944, CB-K16/0912, CB-K16/0911, DFN-CERT-2016-1882, DFN-CERT-2016-1253, DFN-CERT-2016-1004, DFN-CERT-2016-0972, DFN-CERT-2016-0944","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.8,Medium,"VendorFix","PHP Multiple Vulnerabilities - 01 - Mar13 (Windows)","This host is running PHP and is prone to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.4.0",1.3.6.1.4.1.25623.1.0.803341,"CVE-2012-1172",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7cf30d0d-f07e-4526-b8fe-db653172c5db,"Successful exploitation will allow attackers to retrieve, corrupt or upload
 arbitrary files, or can cause denial of service via corrupted $_FILES indexes.","Upgrade to PHP 5.4.0 or later.","PHP version before 5.4.0","Flaw due to insufficient validation of file-upload implementation in
 rfc1867.c and it does not handle invalid '[' characters in name values.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - 01 - Mar13 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803341)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","53403","DFN-CERT-2013-1494, DFN-CERT-2012-1268, DFN-CERT-2012-1267, DFN-CERT-2012-1266, DFN-CERT-2012-1173, DFN-CERT-2012-0914, DFN-CERT-2012-0907, DFN-CERT-2012-0906, DFN-CERT-2012-0900, DFN-CERT-2012-0870, DFN-CERT-2012-0869, DFN-CERT-2012-0866, DFN-CERT-2012-0813, DFN-CERT-2012-0773","http://www.php.net/ChangeLog-5.php, http://cxsecurity.com/cveshow/CVE-2012-1172, http://secunia.com/advisories/cve_reference/CVE-2012-1172, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.8,Medium,"VendorFix","WordPress Multiple Vulnerabilities Mar17 (Windows)","This host is running WordPress and is prone
 to multiple vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.7.3",1.3.6.1.4.1.25623.1.0.809895,"CVE-2017-6804, CVE-2017-6815, CVE-2017-6814, CVE-2017-6816, CVE-2017-6818, CVE-2017-6817, CVE-2017-6819",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e53c2bbc-0a8e-424c-84dc-9054d7829804,"Successfully exploiting will allow remote
 attacker to create a specially crafted URL, execute arbitrary script code
 in an user's browser session within the trust relationship between their
 browser and the server and leading to excessive use of server resources.","Upgrade to WordPress version 4.7.3 or later.","WordPress versions 4.7.2 and prior on Windows.","Multiple flaws are due to,

 - A cross-site scripting (XSS) vulnerability in media file metadata.

 - An improper URL validation.

 - Unintended files can be deleted by administrators using the plugin deletion
 functionality.

 - A cross-site scripting (XSS) in video URL in YouTube embeds.

 - A Cross-site request forgery (CSRF) in Press.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Multiple Vulnerabilities Mar17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809895)
Version used: $Revision: 11874 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K17/0387, DFN-CERT-2017-0395","https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.8,Medium,"Mitigation","HTTP Debugging Methods (TRACE/TRACK) Enabled","Debugging functions are enabled on the remote web server.

 The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK
 are HTTP methods which are used to debug web server connections.","The web server has the following HTTP methods enabled: TRACE",1.3.6.1.4.1.25623.1.0.11213,"CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3c2ff258-90f7-418d-a423-01fd2892a3ed,"An attacker may use this flaw to trick your legitimate web users to give
 him their credentials.","Disable the TRACE and TRACK methods in your web server configuration.

 Please see the manual of your web server or the references for more information.","Web servers with enabled TRACE and/or TRACK methods.","It has been shown that web servers supporting this methods are
 subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in
 conjunction with various weaknesses in browsers.","
Details:
HTTP Debugging Methods (TRACE/TRACK) Enabled
(OID: 1.3.6.1.4.1.25623.1.0.11213)
Version used: $Revision: 10828 $
","","9506, 9561, 11604, 15222, 19915, 24456, 33374, 36956, 36990, 37995","CB-K14/0981, DFN-CERT-2014-1018, DFN-CERT-2010-0020","http://www.kb.cert.org/vuls/id/288308, http://www.kb.cert.org/vuls/id/867593, http://httpd.apache.org/docs/current/de/mod/core.html#traceenable, https://www.owasp.org/index.php/Cross_Site_Tracing"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.8,Medium,"VendorFix","WordPress Ninja Forms Plugin < 3.3.19.1 Open Redirect Vulnerability","An open redirect vulnerability in Ninja Forms plugin for WordPress allows
 remote attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.","Installed version: 2.9.42
Fixed version: 3.3.19.1",1.3.6.1.4.1.25623.1.0.112448,"CVE-2018-19796",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,95446368-93fc-4fbb-98cd-247400343440,"","Upgrade to version 3.3.19.1 or later.","WordPress Ninja Forms plugin before version 3.3.19.1.","","Checks if a vulnerable version is present on the target host.
Details:
WordPress Ninja Forms Plugin < 3.3.19.1 Open Redirect Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.112448)
Version used: $Revision: 12648 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","","https://wordpress.org/plugins/ninja-forms/#developers"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.8,Medium,"VendorFix","CloudBees Jenkins Multiple Vulnerabilities-01-May16 (Windows)","This host is installed with CloudBees
 Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 1.651.2",1.3.6.1.4.1.25623.1.0.807329,"CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b9f15907-f1f3-4b38-9d74-4a68cceb6a4b,"Successful exploitation will allow remote
 attackers to obtain sensitive information, bypass the protection mechanism,
 gain elevated privileges, bypass intended access restrictions and execute
 arbitrary code.","Upgrade to CloudBees Jenkins LTS 1.651.2 or
 later.","CloudBees Jenkins LTS before 1.651.2 on Windows","Multiple flaws are due to,

 - The XML/JSON API endpoints providing information about installed plugins
 were missing permissions checks, allowing any user with read access to
 Jenkins to determine which plugins and versions were installed.

 - The users with extended read access could access encrypted secrets stored
 directly in the configuration of those items.

 - A missing permissions check allowed any user with access to Jenkins to trigger
 an update of update site metadata. This could be combined with DNS cache
 poisoning to disrupt Jenkins service.

 - The Some Jenkins URLs did not properly validate the redirect URLs, which
 allowed malicious users to create URLs that redirect users to arbitrary
 scheme-relative URLs.

 - The API URL /computer/(master)/api/xml allowed users with the 'extended read'
 permission for the master node to see some global Jenkins configuration,
 including the configuration of the security realm.

 - By changing the freely editable 'full name', malicious users with multiple
 user accounts could prevent other users from logging in, as 'full name' was
 resolved before actual user name to determine which account is currently trying
 to log in.

 - An improper validation of build parameters in Jenkins.","Checks if a vulnerable version is present on the target host.
Details:
CloudBees Jenkins Multiple Vulnerabilities-01-May16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807329)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","CB-K16/1303, CB-K16/0714, DFN-CERT-2016-1386, DFN-CERT-2016-0770","https://www.cloudbees.com/jenkins-security-advisory-2016-05-11, https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.8,Medium,"VendorFix","WordPress Multiple Vulnerabilities-April 2018 (Windows)","This host is running WordPress and is prone
 to multiple vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.9.5
Installation
path / port: /wordpress",1.3.6.1.4.1.25623.1.0.813087,"CVE-2018-10100, CVE-2018-10101, CVE-2018-10102",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,5613e208-e5fe-4c27-bfc8-a3471a319c5e,"Successful exploitation will allow remote
 attackers to conduct cross site scripting, url redirection attacks and
 bypass security restrictions.","Upgrade to WordPress version 4.9.5 or later.
 For updates refer to Reference links.","WordPress versions prior to 4.9.5 on Windows","Multiple flaws are due to,

 - The version string was not escaped in the 'get_the_generator' function.

 - The URL validator assumed URLs with the hostname localhost were on the same
 host as the WordPress server.

 - The redirection URL for the login page was not validated or sanitized if
 forced to use HTTPS.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Multiple Vulnerabilities-April 2018 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.813087)
Version used: $Revision: 12116 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","CB-K18/0563, DFN-CERT-2018-0624","https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release, https://wordpress.org/download"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.5,Medium,"VendorFix","Jenkins < 2.121 and < 2.107.3 LTS Multiple Vulnerabilities (Windows)","This host is installed with Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.121",1.3.6.1.4.1.25623.1.0.112298,"CVE-2018-1000192, CVE-2018-1000193, CVE-2018-1000194, CVE-2018-1000195",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7046a090-5be2-4c1a-b161-ae1e693543b5,"","Upgrade to Jenkins weekly to 2.121 or later / Jenkins LTS to 2.107.3 or
 later.","Jenkins LTS up to and including 2.107.2, Jenkins weekly up to and including 2.120.","Jenkins is prone to the following vulnerabilities:

 - An information exposure vulnerability in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. (CVE-2018-1000192)

 - An improper neutralization of control sequences vulnerability in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters
that can then appear to have the same name as other users, and cannot be deleted via the UI. (CVE-2018-1000193)

 - A path traversal vulnerability in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary
files on the Jenkins master, bypassing the agent-to-master security subsystem protection. (CVE-2018-1000194)

 - A server-side request forgery vulnerability in ZipExtractionInstaller.java that allows users with Overall/Read permission to have
Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not. (CVE-2018-1000195)","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.121 and < 2.107.3 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112298)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2018-05-09/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.5,Medium,"VendorFix","Jenkins < 2.138 and < 2.121.3 LTS Multiple Vulnerabilities (Windows)","This host is installed with Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.138
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.112360,"CVE-2018-1999042, CVE-2018-1999043, CVE-2018-1999044, CVE-2018-1999045, CVE-2018-1999046, CVE-2018-1999047",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b7a6027f-b339-49ad-bac3-2bb2b10339cc,"","Upgrade to Jenkins weekly to 2.138 or later / Jenkins LTS to 2.121.3 or
 later.","Jenkins LTS up to and including 2.121.2, Jenkins weekly up to and including 2.137.","Jenkins is prone to the following vulnerabilities:

 - Jenkins allowed deserialization of URL objects via Remoting (agent communication) and XStream (CVE-2018-1999042).

 - Ephemeral user record was created on some invalid authentication attempts (CVE-2018-1999043).

 - Cron expression form validation could enter infinite loop, potentially resulting in denial of service (CVE-2018-1999044).

 - 'Remember me' cookie was evaluated even if that feature is disabled (CVE-2018-1999045).

 - Unauthorized users could access agent logs (CVE-2018-1999046).

 - Unauthorized users could cancel scheduled restarts initiated from the update center (CVE-2018-1999047).","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.138 and < 2.121.3 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112360)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2018-08-15/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8443,tcp,5.4,Medium,"Mitigation","SSL/TLS: Report Anonymous Cipher Suites","This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service.","'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DH_anon_WITH_AES_128_CBC_SHA",1.3.6.1.4.1.25623.1.0.108147,"CVE-2007-1858, CVE-2014-0351",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3330cfbc-a6ac-4767-8ae6-103c31fc0df6,"This could allow remote attackers to obtain sensitive information
 or have other, unspecified impacts.","The configuration of this services should be changed so
 that it does not accept the listed 'Anonymous' cipher suites anymore.

 Please see the references for more resources supporting you in this task.","","Services supporting 'Anonymous' cipher suites could allow a client to negotiate a
 SSL/TLS connection to the host without any authentication of the remote endpoint.","
Details:
SSL/TLS: Report 'Anonymous' Cipher Suites
(OID: 1.3.6.1.4.1.25623.1.0.108147)
Version used: $Revision: 5994 $
","","28482, 69754","CB-K14/0058, DFN-CERT-2014-0049, DFN-CERT-2012-0442","https://bettercrypto.org/, https://mozilla.github.io/server-side-tls/ssl-config-generator/"
10.10.0.4,METASPLOITABLE3,8031,tcp,5.4,Medium,"Mitigation","SSL/TLS: Report Anonymous Cipher Suites","This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service.","'Anonymous' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DH_anon_WITH_AES_128_CBC_SHA",1.3.6.1.4.1.25623.1.0.108147,"CVE-2007-1858, CVE-2014-0351",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,626ae3a9-fb4f-415b-8747-2db4e2980b51,"This could allow remote attackers to obtain sensitive information
 or have other, unspecified impacts.","The configuration of this services should be changed so
 that it does not accept the listed 'Anonymous' cipher suites anymore.

 Please see the references for more resources supporting you in this task.","","Services supporting 'Anonymous' cipher suites could allow a client to negotiate a
 SSL/TLS connection to the host without any authentication of the remote endpoint.","
Details:
SSL/TLS: Report 'Anonymous' Cipher Suites
(OID: 1.3.6.1.4.1.25623.1.0.108147)
Version used: $Revision: 5994 $
","","28482, 69754","CB-K14/0058, DFN-CERT-2014-0049, DFN-CERT-2012-0442","https://bettercrypto.org/, https://mozilla.github.io/server-side-tls/ssl-config-generator/"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.1,Medium,"VendorFix","Apache HTTP Server Man-in-the-Middle attack Vulnerability - July16 (Windows)","This host is installed with Apache HTTP Server
 and is prone to man-in-the-middle attack vulnerability.","Installed version: 2.2.21
Fixed version: 2.4.24",1.3.6.1.4.1.25623.1.0.808631,"CVE-2016-5387",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,26771ce3-2d05-4d62-a2a4-f8f5bf249a97,"Successful exploitation will allow remote
 attackers to redirect an application's outbound HTTP traffic to an arbitrary
 proxy server via a crafted proxy header in an HTTP request.","Upgrade to version 2.4.24, or 2.2.32, or newer.","Apache HTTP Server through 2.4.23 on Windows

 - ---
 NOTE: Apache HTTP Server 2.2.32 is not vulnerable

 - ---","The flaw is due to 'CGI Servlet' does not
 protect applications from the presence of untrusted client data in the
 'HTTP_PROXY' environment variable.","Checks if a vulnerable version is present on the target host.
Details:
Apache HTTP Server Man-in-the-Middle attack Vulnerability - July16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808631)
Version used: $Revision: 12455 $
","Product: cpe:/a:apache:http_server:2.2.21
Method: Apache Web Server Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
","91816","CB-K17/2013, CB-K17/1854, CB-K17/1842, CB-K17/1622, CB-K17/0527, CB-K17/0055, CB-K16/1995, CB-K16/1620, CB-K16/1289, CB-K16/1103, CB-K16/1088, CB-K16/1087, DFN-CERT-2017-2104, DFN-CERT-2017-1926, DFN-CERT-2017-1925, DFN-CERT-2017-1692, DFN-CERT-2017-0532, DFN-CERT-2017-0060, DFN-CERT-2016-2108, DFN-CERT-2016-1717, DFN-CERT-2016-1372, DFN-CERT-2016-1175, DFN-CERT-2016-1162, DFN-CERT-2016-1153","https://www.apache.org/security/asf-httpoxy-response.txt, http://www.apache.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.1,Medium,"VendorFix","PHP php_parserr Heap Based Buffer Overflow Vulnerability (Windows)","This host is installed with PHP and is prone
 to heap-based buffer overflow vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.29",1.3.6.1.4.1.25623.1.0.809742,"CVE-2014-4049",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7e0c02d3-7a36-4e08-b45e-866929034a3f,"Successfully exploiting this issue allows remote
 attackers to cause a denial of service (crash) and possibly execute arbitrary code
 on the affected system.","Update to PHP version 5.6.0 or 5.5.14 or
 5.4.30 or 5.3.29 or later.","PHP versions 5.6.x before 5.6.0, 5.5.x before
 5.5.14, 5.4.x before 5.4.30, 5.3.x before 5.3.29 on Windows","The flaw is due to buffer overflow error
 in the 'php_parserr' function in ext/standard/dns.c script.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'php_parserr' Heap Based Buffer Overflow Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809742)
Version used: $Revision: 12313 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","68007","CB-K16/0944, CB-K15/0493, CB-K14/1359, CB-K14/1174, CB-K14/1167, CB-K14/1110, CB-K14/0973, CB-K14/0972, CB-K14/0834, CB-K14/0830, CB-K14/0829, CB-K14/0805, CB-K14/0776, CB-K14/0750, DFN-CERT-2016-1004, DFN-CERT-2014-1434, DFN-CERT-2014-1219, DFN-CERT-2014-1166, DFN-CERT-2014-1014, DFN-CERT-2014-1013, DFN-CERT-2014-0870, DFN-CERT-2014-0868, DFN-CERT-2014-0867, DFN-CERT-2014-0839, DFN-CERT-2014-0816, DFN-CERT-2014-0782","http://php.net/ChangeLog-5.php, http://www.openwall.com/lists/oss-security/2014/06/13/4, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.1,Medium,"VendorFix","PHP Man-in-the-Middle Attack Vulnerability - Jul16 (Windows)","This host is installed with PHP and is prone
 to Man-in-the-middle attack vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.24/7.0.9",1.3.6.1.4.1.25623.1.0.808627,"CVE-2016-5385, CVE-2016-6128",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,009c6a90-b6db-408f-9d0f-f05662e37276,"Successfully exploiting this issue may allow
 remote, unauthenticated to conduct MITM attacks on internal server subrequests
 or direct the server to initiate connections to arbitrary hosts or to cause a
 denial of service.","Update to PHP version 5.6.24 or 7.0.19.","PHP versions 5.x through 5.6.23 and 7.0.x through 7.0.8 on Windows","The following flaws exist:

 - The web servers running in a CGI or CGI-like context may assign client request proxy header values to internal
 HTTP_PROXY environment variables.

 - 'HTTP_PROXY' is improperly trusted by some PHP libraries and applications

 - An unspecified flaw in the gdImageCropThreshold
 function in 'gd_crop.c' in the GD Graphics Library.","Checks if a vulnerable version is present on the target host.
Details:
PHP Man-in-the-Middle Attack Vulnerability - Jul16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808627)
Version used: $Revision: 11969 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","91821, 91509","CB-K17/1252, CB-K16/1941, CB-K16/1854, CB-K16/1776, CB-K16/1549, CB-K16/1499, CB-K16/1407, CB-K16/1283, CB-K16/1248, CB-K16/1179, CB-K16/1115, CB-K16/1110, CB-K16/1106, CB-K16/1092, CB-K16/1077, CB-K16/1045, DFN-CERT-2017-1295, DFN-CERT-2016-2047, DFN-CERT-2016-1961, DFN-CERT-2016-1882, DFN-CERT-2016-1641, DFN-CERT-2016-1590, DFN-CERT-2016-1498, DFN-CERT-2016-1367, DFN-CERT-2016-1326, DFN-CERT-2016-1253, DFN-CERT-2016-1184, DFN-CERT-2016-1179, DFN-CERT-2016-1178, DFN-CERT-2016-1157, DFN-CERT-2016-1144, DFN-CERT-2016-1110","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php, http://www.kb.cert.org/vuls/id/797896, https://bugs.php.net/bug.php?id=72573, https://bugs.php.net/bug.php?id=72494"
10.10.0.4,METASPLOITABLE3,135,tcp,5.0,Medium,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
 on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49152/tcp

 UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49152]

Port: 49153/tcp

 UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49153]
 Annotation: NRP server endpoint

 UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49153]
 Annotation: DHCP Client LRPC Endpoint

 UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49153]
 Annotation: DHCPv6 Client LRPC Endpoint

 UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49153]
 Annotation: Event log TCPIP

Port: 49154/tcp

 UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49154]

 UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49154]
 Annotation: IP Transition Configuration endpoint

 UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49154]

 UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49154]
 Annotation: XactSrv service

 UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49154]
 Annotation: IKE/Authip API

 UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49154]
 Annotation: Impl friendly name

Port: 49179/tcp

 UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49179]
 Named pipe : lsass
 Win32 service or process : lsass.exe
 Description : SAM access

Port: 49219/tcp

 UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
 Endpoint: ncacn_ip_tcp:10.10.0.4[49219]

Port: 49341/tcp

 UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1
 Endpoint: ncacn_ip_tcp:10.10.0.4[49341]
 Annotation: Remote Fw APIs

Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.",1.3.6.1.4.1.25623.1.0.10736,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,951a989f-98ee-4921-a239-40e497045f33,"An attacker may use this fact to gain more knowledge
 about the remote host.","Filter incoming traffic to this ports.","","","
Details:
DCE/RPC and MSRPC Services Enumeration Reporting
(OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: $Revision: 6319 $
","","","",""
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","WordPress / WordPress MU Multiple Vulnerabilities - July09","The host is running WordPress / WordPress MU and is prone to multiple
 vulnerabilities","Vulnerable url: http://10.10.0.4:8585/wordpress/wp-settings.php",1.3.6.1.4.1.25623.1.0.800662,"CVE-2009-2432, CVE-2009-2336, CVE-2009-2335, CVE-2009-2334",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,acd5b0d4-2785-4aa3-abee-89df133089c3,"Successful exploitation will allow attackers to view the content of plugins
 configuration pages, inject malicious scripting code, or gain knowledge of sensitive username information.","Update to Version 2.8.1 or later.","WordPress / WordPress MU version prior to 2.8.1.","- Error in 'wp-settings.php' which may disclose sensitive information via
 a direct request.

 - Error occur when user attempt for failed login or password request depending
 on whether the user account exists, and it can be exploited by enumerate valid usernames.

 - Error in wp-admin/admin.php is does not require administrative authentication
 to access the configuration of a plugin, which allows attackers to specify a
 configuration file in the page parameter via collapsing-archives/options.txt,
 related-ways-to-take-action/options.php, wp-security-scan/securityscan.php,
 akismet/readme.txt and wp-ids/ids-admin.php.","
Details:
WordPress / WordPress MU Multiple Vulnerabilities - July09
(OID: 1.3.6.1.4.1.25623.1.0.800662)
Version used: $Revision: 12908 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","35581, 35584","DFN-CERT-2010-0125, DFN-CERT-2009-1593, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-1144, DFN-CERT-2009-1081","http://www.vupen.com/english/advisories/2009/1833, http://securitytracker.com/alerts/2009/Jul/1022528.html, http://www.securityfocus.com/archive/1/archive/1/504795/100/0/threaded"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat Reverse Proxy Information Disclosure Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to information disclosure vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.39",1.3.6.1.4.1.25623.1.0.810719,"CVE-2016-8747",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a1725c51-bb21-4289-b946-e03bb92c7b66,"Successful exploitation will allows remote
 attackers to obtain sensitive information from requests other then their own.","Upgrade to version 9.0.0.M17, 8.5.11 or later.","Apache Tomcat versions 9.0.0.M11 to 9.0.0.M15 and
 Apache Tomcat versions 8.5.0 to 8.5.9 on Windows.","The refactoring to make wider use of
 ByteBuffer introduced a regression that could cause information to leak
 between requests on the same connection. When running behind a reverse
 proxy, this could result in information leakage between users.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat Reverse Proxy Information Disclosure Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.810719)
Version used: $Revision: 11888 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","96895","CB-K17/0426, DFN-CERT-2017-0433","http://svn.apache.org/viewvc?view=revision&revision=1774161, http://svn.apache.org/viewvc?view=revision&revision=1774166, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.11, http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M17"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP gdImageScaleTwoPass() Multiple Denial of Service Vulnerabilities (Windows)","This host is installed with PHP and is prone
 to multiple denial of service vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.12",1.3.6.1.4.1.25623.1.0.808610,"CVE-2015-8877, CVE-2015-8879, CVE-2015-8874",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f58494a4-7294-4ca8-aeed-69dacc28443a,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (application crash or
 memory consuption).","Upgrade to PHP version 5.6.12
 or later.","PHP versions prior to 5.6.12 on Windows","Multiple flaws are due to

 - An improper handling of driver behavior for SQL_WVARCHAR columns in the
 'odbc_bindcols function' in 'ext/odbc/php_odbc.c' script.

 - The 'gdImageScaleTwoPass' function in gd_interpolation.c script in the
 GD Graphics Library uses inconsistent allocate and free approaches.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'gdImageScaleTwoPass()' Multiple Denial of Service Vulnerabilities (Wind...
(OID: 1.3.6.1.4.1.25623.1.0.808610)
Version used: $Revision: 11903 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","90866, 90842, 90714","CB-K17/1252, CB-K16/1776, CB-K16/0975, CB-K16/0965, CB-K16/0944, CB-K16/0937, CB-K16/0912, CB-K16/0911, CB-K16/0868, CB-K16/0805, CB-K16/0801, DFN-CERT-2017-1295, DFN-CERT-2016-1882, DFN-CERT-2016-1033, DFN-CERT-2016-1022, DFN-CERT-2016-1004, DFN-CERT-2016-0996, DFN-CERT-2016-0972, DFN-CERT-2016-0944, DFN-CERT-2016-0924, DFN-CERT-2016-0876, DFN-CERT-2016-0871, DFN-CERT-2016-0857, DFN-CERT-2016-0855","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat Hostname Verification Security Bypass Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to a security bypass vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.53
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.813742,"CVE-2018-8034",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,529a2cc9-b2ba-44ff-b03e-8727a8ffe1ab,"Successful exploitation will allow an attacker
 to bypass certain security restrictions and perform unauthorized actions.","Upgrade to Apache Tomcat version 9.0.10 or
 8.5.32 or 8.0.53 or 7.0.90 or later. For updates refer to Reference links.","Apache Tomcat versions 9.0.0.M1 to 9.0.9,
 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52 and 7.0.35 to 7.0.88 on Windows.","The flaw exists due to a missing host name
 verification when using TLS with the WebSocket client.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat 'Hostname Verification' Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.813742)
Version used: $Revision: 12116 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","","CB-K18/1005, CB-K18/0809, DFN-CERT-2019-0147, DFN-CERT-2018-2165, DFN-CERT-2018-2142, DFN-CERT-2018-1753, DFN-CERT-2018-1471, DFN-CERT-2018-1443, DFN-CERT-2018-1262","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E, http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.10, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32, http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.90, http://tomcat.apache.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP Multiple Vulnerabilities - Jun13 (Windows)","This host is running PHP and is prone to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.3.26/5.4.16",1.3.6.1.4.1.25623.1.0.803678,"CVE-2013-4635, CVE-2013-2110",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,6fbee00a-03fc-48cc-8940-a7eec28f27a4,"Successful exploitation allows attackers to execute arbitrary code or cause
 denial of service condition via crafted arguments.","Upgrade to PHP 5.4.16 or 5.3.26 or later.","PHP version before 5.3.26 and 5.4.x before 5.4.16","Multiple flaws are due to,

 - Heap-based overflow in 'php_quot_print_encode' function in
 'ext/standard/quot_print.c' script.

 - Integer overflow in the 'SdnToJewish' function in 'jewish.c' in the
 Calendar component.","
Details:
PHP Multiple Vulnerabilities - Jun13 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803678)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","60731, 60411","CB-K14/1480, DFN-CERT-2014-1566, DFN-CERT-2013-1494, DFN-CERT-2013-1450, DFN-CERT-2013-1446, DFN-CERT-2013-1445, DFN-CERT-2013-1444, DFN-CERT-2013-1392, DFN-CERT-2013-1347, DFN-CERT-2013-1195","http://www.php.net/ChangeLog-5.php, http://bugs.php.net/bug.php?id=64895, http://bugs.php.net/bug.php?id=64879, http://www.security-database.com/detail.php?alert=CVE-2013-4635, http://www.security-database.com/detail.php?alert=CVE-2013-2110, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP Multiple Denial of Service Vulnerabilities - 01 - Jan17 (Windows)","This host is installed with PHP and is prone
 to multiple denial of service vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.30",1.3.6.1.4.1.25623.1.0.108053,"CVE-2016-10161, CVE-2016-10158",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b0a7069d-6e36-420a-a575-e979b8c9ad09,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service (buffer over-read or application crash).","Upgrade to PHP version 5.6.30, 7.0.15, 7.1.1
 or later.","PHP versions before 5.6.30, 7.0.x before
 7.0.15, and 7.1.x before 7.1.1.","Multiple flaws are due to

 - The exif_convert_any_to_int function in ext/exif/exif.c tries to divide
 the minimum representable negative integer by -1.

 - A mishandled serialized data in a finish_nested_data call within the
 object_common1 function in ext/standard/var_unserializer.c.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Denial of Service Vulnerabilities - 01 - Jan17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108053)
Version used: $Revision: 11874 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K17/0527, CB-K17/0327, CB-K17/0318, CB-K17/0269, CB-K17/0141, DFN-CERT-2018-0835, DFN-CERT-2017-0532, DFN-CERT-2017-0334, DFN-CERT-2017-0325, DFN-CERT-2017-0274, DFN-CERT-2017-0144","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat UTF-8 Decoder Denial of Service Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to denial of service vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.52
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.813724,"CVE-2018-1336",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c9a33c09-f74d-41d5-b7bb-c951b1a7c33a,"Successful exploitation will allow an attacker
 to conduct a denial-of-service condition.","Upgrade to Apache Tomcat version 9.0.8 or
 8.5.31 or 8.0.52 or 7.0.90 or later. For updates refer to Reference links.","Apache Tomcat 9.0.0.M9 to 9.0.7
 Apache Tomcat 8.5.0 to 8.5.30
 Apache Tomcat 8.0.0.RC1 to 8.0.51
 Apache Tomcat 7.0.28 to 7.0.86 on Windows.","The flaw exists due to improper handing
 of overflow in the UTF-8 decoder with supplementary characters.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat 'UTF-8 Decoder' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.813724)
Version used: $Revision: 12116 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","","CB-K18/0809, DFN-CERT-2018-2474, DFN-CERT-2018-2165, DFN-CERT-2018-2142, DFN-CERT-2018-2133, DFN-CERT-2018-2125, DFN-CERT-2018-2097, DFN-CERT-2018-1928, DFN-CERT-2018-1753, DFN-CERT-2018-1541, DFN-CERT-2018-1471, DFN-CERT-2018-1443, DFN-CERT-2018-1262","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E, http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.8, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.31, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.52, http://tomcat.apache.org"
10.10.0.4,METASPLOITABLE3,8383,tcp,5.0,Medium,"Mitigation","SSL/TLS: Report Vulnerable Cipher Suites for HTTPS","This routine reports all SSL/TLS cipher suites accepted by a service
 where attack vectors exists only on HTTPS services.","'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)",1.3.6.1.4.1.25623.1.0.108031,"CVE-2016-2183, CVE-2016-6329",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,1fe0cae4-f325-41d2-bf72-a6a16604485e,"","The configuration of this services should be changed so
 that it does not accept the listed cipher suites anymore.

 Please see the references for more resources supporting you with this task.","Services accepting vulnerable SSL/TLS cipher suites via HTTPS.","These rules are applied for the evaluation of the vulnerable cipher suites:

 - 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).","
Details:
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
(OID: 1.3.6.1.4.1.25623.1.0.108031)
Version used: $Revision: 5232 $
","","","CB-K18/0296, CB-K17/1980, CB-K17/1871, CB-K17/1803, CB-K17/1753, CB-K17/1750, CB-K17/1709, CB-K17/1558, CB-K17/1273, CB-K17/1202, CB-K17/1196, CB-K17/1055, CB-K17/1026, CB-K17/0939, CB-K17/0917, CB-K17/0915, CB-K17/0877, CB-K17/0796, CB-K17/0724, CB-K17/0661, CB-K17/0657, CB-K17/0582, CB-K17/0581, CB-K17/0506, CB-K17/0504, CB-K17/0467, CB-K17/0345, CB-K17/0098, CB-K17/0089, CB-K17/0086, CB-K17/0082, CB-K16/1837, CB-K16/1830, CB-K16/1635, CB-K16/1630, CB-K16/1624, CB-K16/1622, CB-K16/1500, CB-K16/1465, CB-K16/1307, CB-K16/1296, DFN-CERT-2019-0068, DFN-CERT-2018-1296, DFN-CERT-2018-0323, DFN-CERT-2017-2070, DFN-CERT-2017-1954, DFN-CERT-2017-1885, DFN-CERT-2017-1831, DFN-CERT-2017-1821, DFN-CERT-2017-1785, DFN-CERT-2017-1626, DFN-CERT-2017-1326, DFN-CERT-2017-1239, DFN-CERT-2017-1238, DFN-CERT-2017-1090, DFN-CERT-2017-1060, DFN-CERT-2017-0968, DFN-CERT-2017-0947, DFN-CERT-2017-0946, DFN-CERT-2017-0904, DFN-CERT-2017-0816, DFN-CERT-2017-0746, DFN-CERT-2017-0677, DFN-CERT-2017-0675, DFN-CERT-2017-0611, DFN-CERT-2017-0609, DFN-CERT-2017-0522, DFN-CERT-2017-0519, DFN-CERT-2017-0482, DFN-CERT-2017-0351, DFN-CERT-2017-0090, DFN-CERT-2017-0089, DFN-CERT-2017-0088, DFN-CERT-2017-0086, DFN-CERT-2016-1943, DFN-CERT-2016-1937, DFN-CERT-2016-1732, DFN-CERT-2016-1726, DFN-CERT-2016-1715, DFN-CERT-2016-1714, DFN-CERT-2016-1588, DFN-CERT-2016-1555, DFN-CERT-2016-1391, DFN-CERT-2016-1378","https://bettercrypto.org/, https://mozilla.github.io/server-side-tls/ssl-config-generator/, https://sweet32.info/"
10.10.0.4,METASPLOITABLE3,,,5.0,Medium,"NoneAvailable","WordPress load-scripts.php Denial of Service Vulnerability (Windows)","This host is running WordPress and is prone
 to a denial of service vulnerability.","Installed version: 4.6.1
Fixed version: NoneAvailable
Installation
path / port: /wordpress",1.3.6.1.4.1.25623.1.0.812692,"CVE-2018-6389",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7adc5ce4-778e-4b05-9877-6159003419e7,"Successful exploitation will allow remote
 attackers to conduct a denial of service condition on affected system.","No known solution is available as of 28th December, 2018. Information
 regarding this issue will be updated once solution details are available.","WordPress versions 4.9.2 and prior on Windows","The flaw exists as the file 'load-scripts.php'
 do not require any authentication and file selectively calls required JavaScript
 files by passing their names into the 'load' parameter, separated by a comma.","Checks if a vulnerable version is present on the target host.
Details:
WordPress 'load-scripts.php' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812692)
Version used: $Revision: 12897 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","","https://thehackernews.com/2018/02/wordpress-dos-exploit.html, https://baraktawily.blogspot.in/2018/02/how-to-dos-29-of-world-wide-websites.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP URL checks Security Bypass Vulnerability Jul17 (Windows)","This host is installed with PHP and is prone
 to security bypass vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.28",1.3.6.1.4.1.25623.1.0.811488,"CVE-2016-10397",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f6f3a5a5-4aa3-40d5-9748-684d58bfa2ba,"Successfully exploiting this issue allow
 an attacker to bypass hostname-specific URL checks.","Upgrade to PHP version 5.6.28, 7.0.13,
 or later.","PHP versions before 5.6.28, 7.x before 7.0.13","The flaw exists due to incorrect handling of
 various URI components in the URL parser.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'URL checks' Security Bypass Vulnerability Jul17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811488)
Version used: $Revision: 11959 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K17/1575, CB-K17/1461, CB-K17/1358, DFN-CERT-2017-1647, DFN-CERT-2017-1529, DFN-CERT-2017-1420","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)","The host is running Apache HTTP Server and is prone to denial
 of service vulnerability.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.802683,"CVE-2012-4557",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a59f16be-8890-4f96-984f-92d2bd9c5ea9,"Successful exploitation could allow remote attackers to cause a denial of
 service condition via an expensive request.","Apply patch or upgrade Apache HTTP Server 2.2.22 or later.
 *****
 NOTE: Ignore this warning, if above mentioned patch is manually applied.
 *****","Apache HTTP Server version 2.2.12 through 2.2.21","The flaw is due to an error in the mod_proxy_ajp module, which places a worker
 node into an error state upon detection of a long request-processing time.","
Details:
Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.802683)
Version used: $Revision: 11861 $
","Product: cpe:/a:apache:http_server:2.2.21
Method: Apache Web Server Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
","56753","DFN-CERT-2013-0342, DFN-CERT-2013-0237, DFN-CERT-2012-2191","https://bugzilla.redhat.com/show_bug.cgi?id=871685, http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22, http://svn.apache.org/viewvc?view=revision&revision=1227298, http://svn.apache.org/viewvc?view=revision&revision=1227298"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.0,Medium,"VendorFix","Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities (Windows)","This host is installed with Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.107",1.3.6.1.4.1.25623.1.0.112228,"CVE-2018-6356, CVE-2018-1000067, CVE-2018-1000068",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,6f175116-9505-448c-928d-71857cef8111,"","Upgrade to Jenkins weekly to 2.107 or later / Jenkins LTS to 2.89.4 or
 later.","Jenkins LTS up to and including 2.89.3, Jenkins weekly up to and including 2.106.","Jenkins is prone to the following vulnerabilities:

 - Path traversal vulnerability which allows access to files outside plugin resources. (CVE-2018-6356)

 - Improperly secured form validation for proxy configuration, allowing Server-Side Request Forgery. (CVE-2018-1000067)

 - Improper input validation, allowing unintended access to plugin resource files on case-insensitive file systems. (CVE-2018-1000068)","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112228)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","CB-K18/0315, DFN-CERT-2018-0340","https://jenkins.io/security/advisory/2018-02-14/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,3000,tcp,5.0,Medium,"VendorFix","Ruby on Rails Action Pack Denial of Service Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to denial of service vulnerability.","Installed version: 4.1.1
Fixed version: 4.2.5.1",1.3.6.1.4.1.25623.1.0.809362,"CVE-2015-7581",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9e064bca-c31e-4ce9-b529-c3d8447faa6f,"Successful exploitation will allow a remote
 attacker to cause a denial of service condition.","Upgrade to Ruby on Rails 4.2.5.1,
 or later.","Ruby on Rails 4.x before 4.2.5.1 on Windows.","The flaw is due to an error in
 'actionpack/lib/action_dispatch/routing/route_set.rb' script.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Action Pack Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809362)
Version used: $Revision: 11961 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","81677","CB-K16/0625, CB-K16/0419, CB-K16/0166, CB-K16/0165, DFN-CERT-2016-0674, DFN-CERT-2016-0458, DFN-CERT-2016-0181, DFN-CERT-2016-0178","http://www.openwall.com/lists/oss-security/2016/01/25/14, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,22,tcp,5.0,Medium,"NoneAvailable","OpenSSH auth2-gss.c User Enumeration Vulnerability (Windows)","This host is installed with openssh and
 is prone to user enumeration vulnerability.","Installed version: 7.1
Fixed version: NoneAvailable
Installation
path / port: 22/tcp",1.3.6.1.4.1.25623.1.0.813887,"CVE-2018-15919",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,234161ff-f4e1-48f8-9ad3-a16e708fff2d,"Successfully exploitation will allow remote
 attacker to harvest valid user accounts, which may aid in brute-force attacks.","No known solution is available as of 08th January, 2019.
 Information regarding this issue will be updated once solution details are available.","OpenSSH version 5.9 to 7.8 on Windows.","The flaw exists in the 'auth-gss2.c' source
 code file of the affected software and is due to insufficient validation of
 an authentication request packet when the Guide Star Server II (GSS2) component
 is used on an affected system.","Checks if a vulnerable version is present
 on the target host.
Details:
OpenSSH 'auth2-gss.c' User Enumeration Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.813887)
Version used: $Revision: 12966 $
","Product: cpe:/a:openbsd:openssh:7.1
Method: SSH Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10267)
","","CB-K18/0885, DFN-CERT-2018-2293, DFN-CERT-2018-2191","http://www.openssh.com, https://bugzilla.novell.com/show_bug.cgi?id=1106163, https://seclists.org/oss-sec/2018/q3/180"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP timelib_meridian Heap Based Buffer Overflow Vulnerability (Windows)","This host is installed with PHP and is prone
 to heap buffer overflow vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.32
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.812072,"CVE-2017-16642",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7bb20cd1-8638-49ce-a86b-f0851f9cb15a,"Successfully exploiting this issue allow
 attacker to execute arbitrary code with elevated privileges within the context
 of a privileged process.","Upgrade to PHP version 5.6.32, 7.0.25, 7.1.11,
 or later.","PHP versions before 5.6.32, 7.x before 7.0.25,
 and 7.1.x before 7.1.11","The flaw exists due to an error in the date
 extension's 'timelib_meridian' handling of 'front of' and 'back of' directives.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'timelib_meridian' Heap Based Buffer Overflow Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812072)
Version used: $Revision: 11983 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","101745","CB-K18/0270, CB-K18/0048, CB-K17/2123, DFN-CERT-2018-0835, DFN-CERT-2018-0733, DFN-CERT-2018-0290, DFN-CERT-2018-0055, DFN-CERT-2017-2219","http://php.net/ChangeLog-5.php, http://php.net/ChangeLog-7.php, https://bugs.php.net/bug.php?id=75055, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Windows)","This host is installed with PHP and is prone
 to multiple heap buffer overflow and information disclosure vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.37
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.813597,"CVE-2018-14851, CVE-2018-14883, CVE-2018-15132",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4eeda862-02e4-4c88-bdeb-b433a0c05545,"Successful exploitation will allow attackers
 to cause heap overflow, denial of service and disclose sensitive information.","Upgrade to PHP version 5.6.37, 7.0.31,
 7.1.20 or 7.2.8 or later. For updates refer to Reference links.","PHP versions before 5.6.37, 7.0.x before
 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8","Multiple flaws exist due to,

 - exif_process_IFD_in_MAKERNOTE function in exif.c file suffers from
 improper validation against crafted JPEG files.

 - exif_thumbnail_extract function in exif.c file suffers from improper
 validation of length of 'ImageInfo->Thumbnail.offset + ImageInfo->Thumbnail.size'

 - linkinfo function on windows doesn't implement openbasedir check.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities...
(OID: 1.3.6.1.4.1.25623.1.0.813597)
Version used: $Revision: 12120 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K18/0838, DFN-CERT-2018-2116, DFN-CERT-2018-1882, DFN-CERT-2018-1835, DFN-CERT-2018-1834, DFN-CERT-2018-1777, DFN-CERT-2018-1655","https://access.redhat.com/security/cve/cve-2018-14851, http://www.php.net, https://bugs.php.net/bug.php?id=76557, https://bugs.php.net/bug.php?id=76423, https://bugs.php.net/bug.php?id=76459"
10.10.0.4,METASPLOITABLE3,3820,tcp,5.0,Medium,"Mitigation","SSL/TLS: Untrusted Certificate Authorities","The service is using a SSL/TLS certificate from a known untrusted certificate authority.
 An attacker could use this for MitM attacks, accessing sensible data and other attacks.","The certificate of the remote service is signed by the following untrusted Certificate Authority:

Issuer: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US

Certificate details:
subject ...: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US
subject alternative names (SAN):
None
issued by .: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US
serial ....: 04A9972F
valid from : 2013-05-15 05:33:38 UTC
valid until: 2023-05-13 05:33:38 UTC
fingerprint (SHA-1): 4A5758F59279E82F2A913C83CA658D6964575A72
fingerprint (SHA-256): AB48B2E6C44C50867FB3703083F1CEE806F4B575F0E3AD5B23381002A885F556",1.3.6.1.4.1.25623.1.0.113054,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,ed0250a6-662f-4d5e-a78c-768d6520d321,"","Replace the SSL/TLS certificate with one signed by a trusted certificate authority.","","","The script reads the certificate used by the target host and checks if it was
 signed by an untrusted certificate authority.
Details:
SSL/TLS: Untrusted Certificate Authorities
(OID: 1.3.6.1.4.1.25623.1.0.113054)
Version used: $Revision: 11874 $
","","","",""
10.10.0.4,METASPLOITABLE3,8181,tcp,5.0,Medium,"Mitigation","SSL/TLS: Untrusted Certificate Authorities","The service is using a SSL/TLS certificate from a known untrusted certificate authority.
 An attacker could use this for MitM attacks, accessing sensible data and other attacks.","The certificate of the remote service is signed by the following untrusted Certificate Authority:

Issuer: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US

Certificate details:
subject ...: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US
subject alternative names (SAN):
None
issued by .: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US
serial ....: 04A9972F
valid from : 2013-05-15 05:33:38 UTC
valid until: 2023-05-13 05:33:38 UTC
fingerprint (SHA-1): 4A5758F59279E82F2A913C83CA658D6964575A72
fingerprint (SHA-256): AB48B2E6C44C50867FB3703083F1CEE806F4B575F0E3AD5B23381002A885F556",1.3.6.1.4.1.25623.1.0.113054,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,6262ec8a-d582-499b-a2ad-522da10af886,"","Replace the SSL/TLS certificate with one signed by a trusted certificate authority.","","","The script reads the certificate used by the target host and checks if it was
 signed by an untrusted certificate authority.
Details:
SSL/TLS: Untrusted Certificate Authorities
(OID: 1.3.6.1.4.1.25623.1.0.113054)
Version used: $Revision: 11874 $
","","","",""
10.10.0.4,METASPLOITABLE3,4848,tcp,5.0,Medium,"Mitigation","SSL/TLS: Untrusted Certificate Authorities","The service is using a SSL/TLS certificate from a known untrusted certificate authority.
 An attacker could use this for MitM attacks, accessing sensible data and other attacks.","The certificate of the remote service is signed by the following untrusted Certificate Authority:

Issuer: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US

Certificate details:
subject ...: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US
subject alternative names (SAN):
None
issued by .: CN=localhost,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US
serial ....: 04A9972F
valid from : 2013-05-15 05:33:38 UTC
valid until: 2023-05-13 05:33:38 UTC
fingerprint (SHA-1): 4A5758F59279E82F2A913C83CA658D6964575A72
fingerprint (SHA-256): AB48B2E6C44C50867FB3703083F1CEE806F4B575F0E3AD5B23381002A885F556",1.3.6.1.4.1.25623.1.0.113054,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,bc78a712-cd6e-4250-b58c-8a79a22e1f67,"","Replace the SSL/TLS certificate with one signed by a trusted certificate authority.","","","The script reads the certificate used by the target host and checks if it was
 signed by an untrusted certificate authority.
Details:
SSL/TLS: Untrusted Certificate Authorities
(OID: 1.3.6.1.4.1.25623.1.0.113054)
Version used: $Revision: 11874 $
","","","",""
10.10.0.4,METASPLOITABLE3,3000,tcp,5.0,Medium,"VendorFix","Ruby on Rails Active Support Denial of Service Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to denial of service vulnerability.","Installed version: 4.1.1
Fixed version: 4.1.11",1.3.6.1.4.1.25623.1.0.807383,"CVE-2015-3227",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,65685d35-f156-4337-8cfd-0b18e6c33398,"Successful exploitation will allow a remote
 attacker to cause denial of service attack.","Upgrade to Ruby on Rails 4.1.11,
 4.2.2 or later.","Ruby on Rails before 4.1.11 and
 Ruby on Rails 4.2.x before 4.2.2 on Windows.","The flaw is due to Specially crafted XML
 documents can cause applications to raise a SystemStackError and potentially
 cause a denial of service attack.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Active Support Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807383)
Version used: $Revision: 11888 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","","CB-K16/0166, CB-K15/1056, CB-K15/0856, DFN-CERT-2016-0181, DFN-CERT-2015-1111, DFN-CERT-2015-0899","http://openwall.com/lists/oss-security/2015/06/16/16, https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP Fileinfo Component Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.0",1.3.6.1.4.1.25623.1.0.808668,"CVE-2014-0236",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c01944f7-a8d1-4040-a1d2-5097d3a4615c,"Successfully exploiting this issue allow
 remote attackers to cause a denial of service.","Upgrade to PHP version 5.6.0","PHP versions prior to 5.6.0 on Windows","The flaw is due an improper validation of input
 to zero root_storage value in a CDF file.","Checks if a vulnerable version is present on the target host.
Details:
PHP Fileinfo Component Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808668)
Version used: $Revision: 11903 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","90957","","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.0,Medium,"VendorFix","Jenkins Cross Site Scripting And Information disclosure Vulnerabilities Apr18 (Windows)","This host is running Jenkins and is prone
 to cross site scripting and information disclosure vulnerabilities.","Installed version: 1.637
Fixed version: 2.116
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.813315,"CVE-2018-1000169, CVE-2018-1000170",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,caacaf49-3c32-46b4-b072-09f0e7bf33ef,"Successful exploitation will allow remote
 attackers to execute a script on victim's Web browser within the security
 context of the hosting Web site and also disclose sensitive information.","Upgrade to Jenkins weekly to 2.116 or
 later, Jenkins LTS to 2.107.2 or later. For updates refer to Reference links.","Jenkins 2.115 and older, LTS 2.107.1 and
 older.","Multiple flaws are due to,

 - Some JavaScript confirmation dialogs included the item name in an unsafe
 manner.

 - The Jenkins CLI send different error responses for commands with view and
 agent arguments depending on the existence of the specified views or agents
 to unauthorized users.","Checks if a vulnerable version is present on the target host.
Details:
Jenkins Cross Site Scripting And Information disclosure Vulnerabilities Apr1...
(OID: 1.3.6.1.4.1.25623.1.0.813315)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2018-04-11/#SECURITY-759, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat pipelined Requests Information Disclosure Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to information disclosure vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.43",1.3.6.1.4.1.25623.1.0.810762,"CVE-2017-5647",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,a4019ef3-aa4f-4a33-813d-c09af75bf7a6,"Successful exploitation will allows remote
 attackers to obtain sensitive information from requests other then their own.","Upgrade to version 9.0.0.M19,
 8.5.13, 8.0.43, 7.0.77, 6.0.53 or later.","Apache Tomcat versions 9.0.0.M1 to 9.0.0.M18,
 Apache Tomcat versions 8.5.0 to 8.5.12,
 Apache Tomcat versions 8.0.0.RC1 to 8.0.42,
 Apache Tomcat versions 7.0.0 to 7.0.76 and
 Apache Tomcat versions 6.0.0 to 6.0.52 on Windows.","A bug in the handling of the pipelined
 requests when send file was used resulted in the pipelined request being
 lost when send file processing of the previous request completed.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat 'pipelined' Requests Information Disclosure Vulnerability (Win...
(OID: 1.3.6.1.4.1.25623.1.0.810762)
Version used: $Revision: 11888 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","","CB-K18/0047, CB-K17/1831, CB-K17/1423, CB-K17/1246, CB-K17/1205, CB-K17/1060, CB-K17/1033, CB-K17/0801, CB-K17/0604, DFN-CERT-2018-0051, DFN-CERT-2017-1914, DFN-CERT-2017-1485, DFN-CERT-2017-1288, DFN-CERT-2017-1243, DFN-CERT-2017-1095, DFN-CERT-2017-1068, DFN-CERT-2017-0828, DFN-CERT-2017-0624","http://tomcat.apache.org/security-9.html, http://tomcat.apache.org/security-8.html, http://tomcat.apache.org/security-7.html, http://tomcat.apache.org/security-6.html, https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E, http://tomcat.apache.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP openssl_encrypt() Function Information Disclosure Vulnerability (Windows)","This host is installed with PHP and is prone to information
 disclosure vulnerability","Installed version: 5.3.10
Fixed version: 5.3.14",1.3.6.1.4.1.25623.1.0.803164,"CVE-2012-6113",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,063a9880-8a21-46f9-acfc-b7636a744a28,"Successful exploitation will allow remote attackers to obtain sensitive
 information from process memory by providing zero bytes of input data.","Apply the patch or upgrade to the latest version from the references.

 *****
 NOTE: Ignore this warning, if above mentioned patch is manually applied.
 *****","PHP version 5.3.9 through 5.3.13 on Windows","The flaw is due to error in 'openssl_encrypt()' function when handling empty
 $data strings which will allow an attacker to gain access to arbitrary pieces
 of information in current memory.","
Details:
PHP 'openssl_encrypt()' Function Information Disclosure Vulnerability (Windo...
(OID: 1.3.6.1.4.1.25623.1.0.803164)
Version used: $Revision: 11883 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","57462","","http://www.php.net/downloads.php, https://bugs.php.net/bug.php?id=61413, http://xforce.iss.net/xforce/xfdb/81400, http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e"
10.10.0.4,METASPLOITABLE3,3000,tcp,5.0,Medium,"VendorFix","Ruby on Rails Action View render Directory Traversal Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to directory traversal vulnerability.","Installed version: 4.1.1
Fixed version: 4.1.14.2",1.3.6.1.4.1.25623.1.0.809354,"CVE-2016-2097",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f7861c09-efc2-4458-8121-7ca40dd22494,"Successful exploitation will allow a remote
 attackers to read arbitrary files by leveraging an application's unrestricted
 use of the render method.","Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2
 or later.","Ruby on Rails before 3.2.22.2,
 Ruby on Rails 4.x before 4.1.14.2 on Windows.","The flaw is due to an improper validation of
 crafted requests to action view, one of the components of action pack.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Window...
(OID: 1.3.6.1.4.1.25623.1.0.809354)
Version used: $Revision: 12149 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","83726","CB-K16/0522, CB-K16/0419, CB-K16/0372, DFN-CERT-2016-0566, DFN-CERT-2016-0458, DFN-CERT-2016-0404","https://www.debian.org/security/2016/dsa-3509, https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat Security Bypass Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to security bypass vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.44",1.3.6.1.4.1.25623.1.0.811140,"CVE-2017-5664",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,8cf05f20-7193-4575-a97a-9aec96dfef2d,"Successful exploitation will allow an attacker to
 exploit this issue to bypass certain security restrictions and perform
 unauthorized actions. This may lead to further attacks.","Upgrade to version 9.0.0.M21, or 8.5.15,
 or 8.0.44, or 7.0.78 or later.","Apache Tomcat 9.0.0.M1 to 9.0.0.M20,
 Apache Tomcat 8.5.0 to 8.5.14,
 Apache Tomcat 8.0.0.RC1 to 8.0.43 and
 Apache Tomcat 7.0.0 to 7.0.77 on Windows","The error page mechanism of the Java Servlet
 Specification requires that, when an error occurs and an error page is
 configured for the error that occurred, the original request and response are
 forwarded to the error page. This means that the request is presented to the
 error page with the original HTTP method. If the error page is a static file,
 expected behaviour is to serve content of the file as if processing a GET request,
 regardless of the actual HTTP method. Tomcat's Default Servlet did not do this.
 Depending on the original request this could lead to unexpected and undesirable
 results for static error pages including, if the DefaultServlet is configured to
 permit writes, the replacement or removal of the custom error page","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811140)
Version used: $Revision: 11863 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","98888","CB-K18/0605, CB-K18/0603, CB-K18/0478, CB-K18/0066, CB-K18/0047, CB-K17/2024, CB-K17/2017, CB-K17/1831, CB-K17/1748, CB-K17/1492, CB-K17/1423, CB-K17/1257, CB-K17/1246, CB-K17/0977, DFN-CERT-2018-1274, DFN-CERT-2018-0729, DFN-CERT-2018-0513, DFN-CERT-2018-0077, DFN-CERT-2018-0051, DFN-CERT-2017-2116, DFN-CERT-2017-2106, DFN-CERT-2017-1914, DFN-CERT-2017-1827, DFN-CERT-2017-1558, DFN-CERT-2017-1485, DFN-CERT-2017-1300, DFN-CERT-2017-1288, DFN-CERT-2017-1011","https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E, http://tomcat.apache.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","WordPress Multiple Vulnerabilities - July09","The host is running WordPress and is prone to Multiple Vulnerabilities.","Vulnerable url: http://10.10.0.4:8585/wordpress/wp-settings.php",1.3.6.1.4.1.25623.1.0.800657,"CVE-2009-2432, CVE-2009-2431, CVE-2009-2336, CVE-2009-2335, CVE-2009-2334",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,41b0bae5-ff44-4964-ba82-b7a905f3161b,"Successful exploitation will allow attackers to view the content of plugins
 configuration pages, inject malicious scripting code, or gain knowledge of
 sensitive username information.

 Impact Level: Application","Update to Version 2.8.1

 http://wordpress.org/download/","WordPress version prior to 2.8.1 on all running platform.","- Error in 'wp-settings.php' which may disclose the sensitive information via
 a direct request.

 - username of a post's author is placed in an HTML comment, which allows
 remote attackers to obtain sensitive information by reading the HTML source.

 - Error occur when user attampt for failed login or password request depending
 on whether the user account exists, and it can be exploited by enumerate
 valid usernames.

 - wp-admin/admin.php does not require administrative authentication
 to access the configuration of a plugin, which allows attackers to specify a
 configuration file in the page parameter via collapsing-archives/options.txt,
 related-ways-to-take-action/options.php, wp-security-scan/securityscan.php,
 akismet/readme.txt and wp-ids/ids-admin.php.","
Details:
WordPress Multiple Vulnerabilities - July09
(OID: 1.3.6.1.4.1.25623.1.0.800657)
Version used: $Revision: 7290 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","35581, 35584","DFN-CERT-2010-0125, DFN-CERT-2009-1593, DFN-CERT-2009-1208, DFN-CERT-2009-1188, DFN-CERT-2009-1144, DFN-CERT-2009-1081","http://www.vupen.com/english/advisories/2009/1833, http://securitytracker.com/alerts/2009/Jul/1022528.html, http://www.securityfocus.com/archive/1/archive/1/504795/100/0/threaded"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Windows)","This host is installed with Apache Tomcat
 and is prone to information disclosure vulnerability.","Installed version: 8.0.33
Fixed version: 8.0.41",1.3.6.1.4.1.25623.1.0.811296,"CVE-2016-8745",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3da4bbb7-aaf4-4ca9-a718-a0797bec349a,"Successful exploitation will allows remote
 attackers to gain access to potentially sensitive information.","Upgrade to Apache Tomcat version 9.0.0.M15
 or 8.5.9 or 8.0.41 or 7.0.75 or 6.0.50 or later.","Apache Tomcat versions 9.0.0.M1 to 9.0.0.M13,
 Apache Tomcat versions 8.5.0 to 8.5.8,
 Apache Tomcat versions 8.0.0.RC1 to 8.0.39,
 Apache Tomcat versions 7.0.0 to 7.0.73, and
 Apache Tomcat versions 6.0.16 to 6.0.48 on Windows.","The flaw exists due to error handling of the
 send file code for the NIO HTTP connector in Apache Tomcat resulting in the
 current Processor object being added to the Processor cache multiple times.
 This in turn means that the same Processor could be used for concurrent requests.
 Sharing a Processor can result in information leakage between requests including,
 not not limited to, session ID and the response body.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Windo...
(OID: 1.3.6.1.4.1.25623.1.0.811296)
Version used: $Revision: 11919 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","94828","CB-K18/0605, CB-K17/1746, CB-K17/1060, CB-K17/1033, CB-K17/0801, CB-K17/0444, CB-K17/0397, CB-K17/0303, CB-K17/0133, CB-K17/0090, CB-K16/1929, DFN-CERT-2018-0729, DFN-CERT-2017-1822, DFN-CERT-2017-1095, DFN-CERT-2017-1068, DFN-CERT-2017-0828, DFN-CERT-2017-0456, DFN-CERT-2017-0404, DFN-CERT-2017-0308, DFN-CERT-2017-0137, DFN-CERT-2017-0095, DFN-CERT-2016-2037","https://bz.apache.org/bugzilla/show_bug.cgi?id=60409, http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M15, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.41, http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.75, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9, http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.50"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP WDDX Deserialization Denial of Service Vulnerability - (Windows)","This host is installed with PHP and is prone
 to denial of service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.31",1.3.6.1.4.1.25623.1.0.811485,"CVE-2017-11143",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c21e1749-0836-4840-b321-2a564a2abf4d,"Successfully exploiting this issue allow
 remote attackers inject XML for deserialization to crash the PHP interpreter.","Upgrade to PHP version 5.6.31
 or later.","PHP versions before 5.6.31.","The flaw exists due to an invalid free error for
 an empty boolean element in ext/wddx/wddx.c script.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'WDDX Deserialization' Denial of Service Vulnerability - (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811485)
Version used: $Revision: 11959 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K18/0048, CB-K17/1461, CB-K17/1358, CB-K17/1132, DFN-CERT-2018-0835, DFN-CERT-2018-0733, DFN-CERT-2018-0055, DFN-CERT-2017-1529, DFN-CERT-2017-1420, DFN-CERT-2017-1161","http://www.php.net/ChangeLog-5.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP CVE-2018-19935 - imap_mail Denial of Service Vulnerability (Windows)","This host is installed with PHP and is prone
 to a Denial of Service vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.39
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.108506,"CVE-2018-19935",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2a458a97-7fc0-41e8-833f-0d43fe3e429d,"Successful exploitation will allow attackers
 to cause a denial of service of the affected application.","Update to version 5.6.39, 7.0.33, 7.1.26, 7.2.14, 7.3.0 or later.","PHP versions 5.x before 5.6.39, 7.0.x before 7.0.33, 7.1.x before 7.1.26
 and 7.2.x before 7.2.14.","The flaw exist due to a NULL pointer dereference and application crash
 via an empty string in the message argument to the imap_mail function of ext/imap/php_imap.c.","Checks if a vulnerable version is present on the target host.
Details:
PHP 'CVE-2018-19935' - 'imap_mail' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108506)
Version used: $Revision: 12938 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","106143","CB-K18/1154, DFN-CERT-2019-0044, DFN-CERT-2018-2476","https://bugs.php.net/bug.php?id=77020, http://www.securityfocus.com/bid/106143"
10.10.0.4,METASPLOITABLE3,3000,tcp,5.0,Medium,"VendorFix","Ruby on Rails Acrive Record Security Bypass Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to security bypass vulnerabilities.","Installed version: 4.1.1
Fixed version: 4.1.14.1",1.3.6.1.4.1.25623.1.0.809358,"CVE-2015-7577",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,fa8bc765-f198-47d4-a700-170c46ff1712,"Successful exploitation will allow a remote
 attacker to bypass intended change restrictions by leveraging use of the nested
 attributes feature.","Upgrade to Ruby on Rails 3.2.22.1 or 4.1.14.1 or
 4.2.5.1, or later. ","Ruby on Rails before 3.1.x and 3.2.x before 3.2.22.1,
 Ruby on Rails 4.0.x and 4.1.x before 4.1.14.1 and
 Ruby on Rails 4.2.x before 4.2.5.1 on Windows.","The flaw is due to the script
 'activerecord/lib/active_record/nested_attributes.rb' does not properly implement
 a certain destroy option.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Acrive Record Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809358)
Version used: $Revision: 11811 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","81806","CB-K17/0278, CB-K16/0625, CB-K16/0419, CB-K16/0254, CB-K16/0166, CB-K16/0165, DFN-CERT-2017-0284, DFN-CERT-2016-0674, DFN-CERT-2016-0458, DFN-CERT-2016-0272, DFN-CERT-2016-0181, DFN-CERT-2016-0178","http://www.openwall.com/lists/oss-security/2016/01/25/10, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP open_basedir Secuirity Bypass Vulnerability (Windows)","This host is running PHP and is prone to security bypass
 vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.15",1.3.6.1.4.1.25623.1.0.803318,"CVE-2012-3365",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,52a93fbc-eaa2-41f1-90e3-97e016606d60,"Successful exploitation could allow attackers to bypass certain security
 restrictions.","Upgrade to PHP 5.3.15 or later.","PHP version before 5.3.15","Flaw in SQLite functionality allows attackers to bypass the open_basedir
 protection mechanism.","
Details:
PHP 'open_basedir' Secuirity Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803318)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","54612","CB-K17/1176, DFN-CERT-2017-1209, DFN-CERT-2013-1494, DFN-CERT-2012-1655, DFN-CERT-2012-1654, DFN-CERT-2012-1541, DFN-CERT-2012-1422","http://www.php.net/ChangeLog-5.php, http://en.securitylab.ru/nvd/427459.php, http://secunia.com/advisories/cve_reference/CVE-2012-3365, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP stream_get_meta_data Privilege Escalation Vulnerability (Windows)","This host is installed with PHP and is prone
 to privilege escalation vulnerability.","Installed version: 5.3.10
Fixed version: 5.5.32
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.812513,"CVE-2016-10712",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,5842f5a9-a418-4698-82bf-aa57cdeb3cd4,"Successfully exploitation will allow an attacker
 to update the 'metadata' and affect on confidentiality, integrity, and availability.","Upgrade to PHP version 5.5.32, 7.0.3,
 or 5.6.18 or later.","PHP versions before 5.5.32, 7.0.x before
 7.0.3, and 5.6.x before 5.6.18 on Windows.","The flaw exists due to error in the function
 stream_get_meta_data of the component File Upload. The manipulation as part
 of a Return Value leads to a privilege escalation vulnerability (Metadata).","Checks if a vulnerable version is present on the target host.
Details:
PHP 'stream_get_meta_data' Privilege Escalation Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812513)
Version used: $Revision: 12120 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K18/0498, CB-K18/0350, DFN-CERT-2018-0576, DFN-CERT-2018-0537, DFN-CERT-2018-0380","https://vuldb.com/?id.113055, https://bugs.php.net/bug.php?id=71323, https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5, http://www.php.net"
10.10.0.4,METASPLOITABLE3,22,tcp,5.0,Medium,"VendorFix","OpenSSH sftp-server Security Bypass Vulnerability (Windows)","This host is installed with openssh and
 is prone to security bypass vulnerability.","Installed version: 7.1
Fixed version: 7.6",1.3.6.1.4.1.25623.1.0.812050,"CVE-2017-15906",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2ea1b54d-5cbd-4756-bc17-7f60a0ec8c64,"Successfully exploiting this issue allows
 local users to bypass certain security restrictions and perform unauthorized
 actions. This may lead to further attacks.","Upgrade to OpenSSH version 7.6 or later.","OpenSSH versions before 7.6 on Windows","The flaw exists in the 'process_open' function
 in sftp-server.c script which does not properly prevent write operations in
 readonly mode.","Checks if a vulnerable version is present on the target host.
Details:
OpenSSH 'sftp-server' Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812050)
Version used: $Revision: 11983 $
","Product: cpe:/a:openbsd:openssh:7.1
Method: SSH Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10267)
","101552","CB-K18/0137, CB-K17/2126, CB-K17/2014, CB-K17/2002, DFN-CERT-2018-2554, DFN-CERT-2018-2191, DFN-CERT-2018-2068, DFN-CERT-2018-1828, DFN-CERT-2018-1568, DFN-CERT-2018-0150, DFN-CERT-2017-2217, DFN-CERT-2017-2100, DFN-CERT-2017-2093","https://www.openssh.com/txt/release-7.6, https://github.com/openbsd/src/commit/a6981567e8e, http://www.openssh.com"
10.10.0.4,METASPLOITABLE3,8282,tcp,5.0,Medium,"VendorFix","Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)","This host is installed with Apache Tomcat
 and is prone to security bypass and information disclosure vulnerabilities.","Installed version: 8.0.33
Fixed version: 8.0.37",1.3.6.1.4.1.25623.1.0.811298,"CVE-2016-6794, CVE-2016-0762, CVE-2016-5018, CVE-2016-6796, CVE-2016-6797",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4eb0fa4b-5248-4965-95b1-9461646fd5ce,"Successful exploitation will allows remote
 attackers to gain access to potentially sensitive information and bypass
 certain security restrictions.","Upgrade to Apache Tomcat version 9.0.0.M10
 or 8.5.5 or 8.0.37 or 7.0.72 or 6.0.47 or later.","Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9,
 Apache Tomcat versions 8.5.0 to 8.5.4,
 Apache Tomcat versions 8.0.0.RC1 to 8.0.36,
 Apache Tomcat versions 7.0.0 to 7.0.70, and
 Apache Tomcat versions 6.0.0 to 6.0.45 on Windows.","Multiple flaws exist due to,

 - An error in the system property replacement feature for configuration files.

 - An error in the realm implementations in Apache Tomcat that does not process
 the supplied password if the supplied user name did not exist.

 - An error in the configured SecurityManager via a Tomcat utility method that
 is accessible to web applications.

 - An error in the configured SecurityManager via manipulation of the
 configuration parameters for the JSP Servlet.

 - An error in the ResourceLinkFactory implementation in Apache Tomcat that
 does not limit web application access to global JNDI resources to those
 resources explicitly linked to the web application.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Wi...
(OID: 1.3.6.1.4.1.25623.1.0.811298)
Version used: $Revision: 11863 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","93940, 93944, 93939, 93942, 93943","CB-K17/1060, CB-K17/1033, CB-K17/1031, CB-K17/0659, CB-K17/0397, CB-K17/0133, CB-K16/1927, CB-K16/1673, CB-K16/1646, DFN-CERT-2017-1095, DFN-CERT-2017-1068, DFN-CERT-2017-1064, DFN-CERT-2017-0673, DFN-CERT-2017-0404, DFN-CERT-2017-0137, DFN-CERT-2016-2035, DFN-CERT-2016-1772, DFN-CERT-2016-1743","http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72, http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47, http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M10, http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
10.10.0.4,METASPLOITABLE3,3000,tcp,5.0,Medium,"VendorFix","Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Windows)","This host is running Ruby on Rails and is
 prone to multiple vulnerabilities.","Installed version: 4.1.1
Fixed version: 4.1.14.1",1.3.6.1.4.1.25623.1.0.809356,"CVE-2016-0752, CVE-2016-0751, CVE-2015-7576",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f0391221-93f2-4bdd-8c41-682ff9145fc8,"Successful exploitation will allow a remote
 attacker to read arbitrary files by leveraging an application's unrestricted use
 of the render method, to cause a denial of service.","Upgrade to Ruby on Rails 3.2.22.1 or 4.1.14.1 or
 4.2.5.1, or later.","Ruby on Rails before 3.2.22.1,
 Ruby on Rails 4.0.x and 4.1.x before 4.1.14.1 and
 Ruby on Rails 4.2.x before 4.2.5.1 on Windows.","Multiple flaws are due to

 - Directory traversal vulnerability in Action View.

 - The script 'actionpack/lib/action_dispatch/http/mime_type.rb' does not properly
 restrict use of the MIME type cache.

 - The http_basic_authenticate_with method in
 'actionpack/lib/action_controller/metal/http_authentication.rb' does not use a
 constant-time algorithm for verifying credentials.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809356)
Version used: $Revision: 12455 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","81801, 81800, 81803","CB-K17/0517, CB-K17/0278, CB-K16/0625, CB-K16/0522, CB-K16/0419, CB-K16/0238, CB-K16/0166, CB-K16/0165, DFN-CERT-2017-0534, DFN-CERT-2017-0284, DFN-CERT-2016-0674, DFN-CERT-2016-0566, DFN-CERT-2016-0458, DFN-CERT-2016-0259, DFN-CERT-2016-0181, DFN-CERT-2016-0178","http://www.openwall.com/lists/oss-security/2016/01/25/10, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,8585,tcp,5.0,Medium,"VendorFix","PHP Multiple Vulnerabilities - Jul17 (Windows)","This host is installed with PHP and is prone
 to multiple vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.31",1.3.6.1.4.1.25623.1.0.811481,"CVE-2017-11145, CVE-2017-11144, CVE-2017-11146, CVE-2017-11628, CVE-2017-7890",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9471d486-3eca-4c69-b87c-28e51b072c2f,"Successfully exploiting this issue allow
 remote attackers to leak information from the interpreter, crash PHP
 interpreter and also disclose sensitive information.","Upgrade to PHP version 5.6.31, 7.0.21, 7.1.7,
 or later.","PHP versions before 5.6.31, 7.x before 7.0.21,
 and 7.1.x before 7.1.7","Multiple flaws are due to

 - An ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date
 function.

 - The openssl extension PEM sealing code did not check the return value of the
 OpenSSL sealing function.

 - lack of bounds checks in the date extension's timelib_meridian parsing code.

 - A stack-based buffer overflow in the zend_ini_do_op() function in
 'Zend/zend_ini_parser.c' script.

 - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD
 Graphics Library (aka libgd) does not zero colorMap arrays before use.","Checks if a vulnerable version is present on the target host.
Details:
PHP Multiple Vulnerabilities - Jul17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.811481)
Version used: $Revision: 11863 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","99492, 99550, 99605, 99612, 99489","CB-K18/0048, CB-K17/1575, CB-K17/1468, CB-K17/1461, CB-K17/1373, CB-K17/1358, CB-K17/1132, DFN-CERT-2018-0835, DFN-CERT-2018-0733, DFN-CERT-2018-0055, DFN-CERT-2017-1647, DFN-CERT-2017-1530, DFN-CERT-2017-1529, DFN-CERT-2017-1432, DFN-CERT-2017-1420, DFN-CERT-2017-1161","http://www.php.net/ChangeLog-5.php, http://www.php.net/ChangeLog-7.php"
10.10.0.4,METASPLOITABLE3,3000,tcp,5.0,Medium,"VendorFix","Ruby on Rails Acrive Model Security Bypass Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to security bypass vulnerabilities.","Installed version: 4.1.1
Fixed version: 4.1.14.1",1.3.6.1.4.1.25623.1.0.809360,"CVE-2016-0753",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c82f53b6-6442-4434-aa43-82303e9071c9,"Successful exploitation will allow a remote
 attacker to bypass intended change restrictions by leveraging use of the nested
 attributes feature.","Upgrade to Ruby on Rails 4.1.14.1 or
 4.2.5.1, or later.","Ruby on Rails 4.1.x before 4.1.14.1,
 Ruby on Rails 4.2.x before 4.2.5.1 on Windows.","The flaw is due to Ruby on Rails supports the
 use of instance-level writers for class accessors.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Acrive Model Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809360)
Version used: $Revision: 11922 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","82247","CB-K16/0625, CB-K16/0254, CB-K16/0238, CB-K16/0236, CB-K16/0166, CB-K16/0165, DFN-CERT-2016-0674, DFN-CERT-2016-0272, DFN-CERT-2016-0259, DFN-CERT-2016-0258, DFN-CERT-2016-0181, DFN-CERT-2016-0178","http://www.openwall.com/lists/oss-security/2016/01/25/14, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,22,tcp,5.0,Medium,"VendorFix","OpenSSH User Enumeration Vulnerability-Aug18 (Windows)","This host is installed with openssh and
 is prone to user enumeration vulnerability.","Installed version: 7.1
Fixed version: 7.8
Installation
path / port: 22/tcp",1.3.6.1.4.1.25623.1.0.813863,"CVE-2018-15473",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,db933c62-848f-4b0a-ac4f-dc4bc0e28b2d,"Successfully exploitation will allow remote
 attacker to test whether a certain user exists or not (username enumeration)
 on a target OpenSSH server.","Update to version 7.8 or later.","OpenSSH version 7.7 and prior on Windows.","The flaw is due to not delaying bailout for
 an invalid authenticating user until after the packet containing the request
 has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and
 auth2-pubkey.c","Checks if a vulnerable version is present
 on the target host.
Details:
OpenSSH User Enumeration Vulnerability-Aug18 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.813863)
Version used: $Revision: 12956 $
","Product: cpe:/a:openbsd:openssh:7.1
Method: SSH Server type and version
(OID: 1.3.6.1.4.1.25623.1.0.10267)
","","CB-K18/1031, CB-K18/0873, DFN-CERT-2018-2293, DFN-CERT-2018-2259, DFN-CERT-2018-2191, DFN-CERT-2018-1806, DFN-CERT-2018-1696","http://www.openssh.com, https://0day.city/cve-2018-15473.html, https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.0,Medium,"VendorFix","Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities (Windows)","This host is installed with Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.146
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.108510,"CVE-2018-1999043, CVE-2018-1000406, CVE-2018-1000407, CVE-2018-1000408, CVE-2018-1000409, CVE-2018-1000410, CVE-2018-1000997",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2f80e9b8-70d3-461b-9860-a3461c6fb25f,"","Upgrade to Jenkins weekly to 2.146 or later / Jenkins LTS to 2.138.2 or
 later.","Jenkins LTS up to and including 2.138.1, Jenkins weekly up to and including 2.145.","Jenkins is prone to the following vulnerabilities:

 - Path traversal vulnerability in Stapler allowed accessing internal data (CVE-2018-1000997).

 - Arbitrary file write vulnerability using file parameter definitions (CVE-2018-1000406).

 - Reflected XSS vulnerability (CVE-2018-1000407).

 - Ephemeral user record was created on some invalid authentication attempts (CVE-2018-1999043).

 - Ephemeral user record creation (CVE-2018-1000408).

 - Session fixation vulnerability on user signup (CVE-2018-1000409).

 - Failures to process form submission data could result in secrets being displayed or written to logs (CVE-2018-1000410).","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.108510)
Version used: $Revision: 13256 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2018-10-10/"
10.10.0.4,METASPLOITABLE3,8484,tcp,5.0,Medium,"VendorFix","Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities (Windows)","This host is installed with Jenkins and is prone to multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.133
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.112332,"CVE-2018-1999001, CVE-2018-1999002, CVE-2018-1999003, CVE-2018-1999004, CVE-2018-1999005, CVE-2018-1999006, CVE-2018-1999007",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,da93b804-4a9e-4c1a-86cf-3237a0f31d45,"","Upgrade to Jenkins weekly to 2.132 or later / Jenkins LTS to 2.121.2 or
 later.","Jenkins LTS up to and including 2.121.1, Jenkins weekly up to and including 2.132.","Jenkins is prone to the following vulnerabilities:

 - Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart (CVE-2018-1999001).

 - Arbitrary file read vulnerability (CVE-2018-1999002).

 - Unauthorized users could cancel queued builds (CVE-2018-1999003).

 - Unauthorized users could initiate and abort agent launches (CVE-2018-1999004).

 - Stored XSS vulnerability (CVE-2018-1999005).

 - Unauthorized users are able to determine when a plugin was extracted from its JPI package (CVE-2018-1999006).

 - XSS vulnerability in Stapler debug mode (CVE-2018-1999007).","Checks if a vulnerable version is present on the target host.
Details:
Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112332)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","DFN-CERT-2018-1419","https://jenkins.io/security/advisory/2018-07-18/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,4848,tcp,5.0,Medium,"WillNotFix","Oracle Glass Fish Server Directory Traversal Vulnerability","This host is installed with Glass fish server
 and is prone to directory traversal vulnerability.","Vulnerable url: https://10.10.0.4:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini",1.3.6.1.4.1.25623.1.0.806848,"CVE-2017-1000028",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,6b92ae99-b65f-48bb-98ad-57496872b30e,"Successful exploitation will allow remote
 attackers to gain access to sensitive information.","No known solution was made available for at least one year since the
disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to
a newer release, disable respective features, remove the product or replace the product by another one.","Oracle Glassfish Server version 4.1.1
 and probably prior.","The flaw is due to

 - Improper sanitization of parameter 'META-INF' in 'theme.php' file.","Send a crafted request via HTTP GET and
 check whether it is able to get the content of passwd file.
Details:
Oracle Glass Fish Server Directory Traversal Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.806848)
Version used: $Revision: 11702 $
","","","","https://www.exploit-db.com/exploits/39241"
10.10.0.4,METASPLOITABLE3,8484,tcp,4.9,Medium,"VendorFix","Jenkins Multiple Vulnerabilities Nov 17 (Windows)","This host is installed with Jenkins and is prone to
 multiple vulnerabilities.","Installed version: 1.637
Fixed version: 2.73.3",1.3.6.1.4.1.25623.1.0.112131,"CVE-2017-1000391, CVE-2017-1000392",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,27da3c26-de71-4d8b-9044-5b593a397d28,"Successful exploitation will allow remote attackers to
affect the integrity of the application.","Upgrade to Jenkins weekly to 2.89 or later / Jenkins LTS to 2.73.3 or
 later.","Jenkins LTS 2.73.2 and prior, Jenkins weekly up to and including 2.88.","Multiple flaws are due to,

 - unsafe use of user names as directory names

 - a persisted XSS vulnerability in autocompletion suggestions","Checks if a vulnerable version is present on the target host.
Details:
Jenkins Multiple Vulnerabilities Nov 17 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.112131)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2017-11-08/, https://www.cloudbees.com"
10.10.0.4,METASPLOITABLE3,8484,tcp,4.8,Medium,"Workaround","Cleartext Transmission of Sensitive Information via HTTP","The host / application transmits sensitive information (username, passwords) in
 cleartext via HTTP.","The following input fields where identified (URL:input name):

http://10.10.0.4:8484/configure:privateKeyPassword",1.3.6.1.4.1.25623.1.0.108440,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e861ebf4-9e79-4b2d-b1cd-a59f0bb56541,"An attacker could use this situation to compromise or eavesdrop on the
 HTTP communication between the client and the server using a man-in-the-middle attack to get access to
 sensitive data like usernames or passwords.","Enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
 Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
 allowing to input sensitive data into the mentioned functions.","Hosts / applications which doesn't enforce the transmission of sensitive data via an
 encrypted SSL/TLS connection.","","Evaluate previous collected information and check if the host / application is not
 enforcing the transmission of sensitive data via an encrypted SSL/TLS connection.

 The script is currently checking the following:

 - HTTP Basic Authentication (Basic Auth)

 - HTTP Forms (e.g. Login) with input field of type 'password'
Details:
Cleartext Transmission of Sensitive Information via HTTP
(OID: 1.3.6.1.4.1.25623.1.0.108440)
Version used: $Revision: 10726 $
","","","","https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management, https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure, https://cwe.mitre.org/data/definitions/319.html"
10.10.0.4,METASPLOITABLE3,8282,tcp,4.8,Medium,"Workaround","Cleartext Transmission of Sensitive Information via HTTP","The host / application transmits sensitive information (username, passwords) in
 cleartext via HTTP.","The following URLs requires Basic Authentication (URL:realm name):

http://10.10.0.4:8282/host-manager/html:""Tomcat Host Manager Application""
http://10.10.0.4:8282/manager/html:""Tomcat Manager Application""
http://10.10.0.4:8282/manager/status:""Tomcat Manager Application""",1.3.6.1.4.1.25623.1.0.108440,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,d5962802-2651-4ab8-a995-705d7d043698,"An attacker could use this situation to compromise or eavesdrop on the
 HTTP communication between the client and the server using a man-in-the-middle attack to get access to
 sensitive data like usernames or passwords.","Enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
 Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
 allowing to input sensitive data into the mentioned functions.","Hosts / applications which doesn't enforce the transmission of sensitive data via an
 encrypted SSL/TLS connection.","","Evaluate previous collected information and check if the host / application is not
 enforcing the transmission of sensitive data via an encrypted SSL/TLS connection.

 The script is currently checking the following:

 - HTTP Basic Authentication (Basic Auth)

 - HTTP Forms (e.g. Login) with input field of type 'password'
Details:
Cleartext Transmission of Sensitive Information via HTTP
(OID: 1.3.6.1.4.1.25623.1.0.108440)
Version used: $Revision: 10726 $
","","","","https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management, https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure, https://cwe.mitre.org/data/definitions/319.html"
10.10.0.4,METASPLOITABLE3,8022,tcp,4.8,Medium,"Workaround","Cleartext Transmission of Sensitive Information via HTTP","The host / application transmits sensitive information (username, passwords) in
 cleartext via HTTP.","The following input fields where identified (URL:input name):

http://10.10.0.4:8022/configurations.do:j_password",1.3.6.1.4.1.25623.1.0.108440,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,0f0bb1a4-a42f-4c34-9c65-74c281e0a2c4,"An attacker could use this situation to compromise or eavesdrop on the
 HTTP communication between the client and the server using a man-in-the-middle attack to get access to
 sensitive data like usernames or passwords.","Enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
 Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
 allowing to input sensitive data into the mentioned functions.","Hosts / applications which doesn't enforce the transmission of sensitive data via an
 encrypted SSL/TLS connection.","","Evaluate previous collected information and check if the host / application is not
 enforcing the transmission of sensitive data via an encrypted SSL/TLS connection.

 The script is currently checking the following:

 - HTTP Basic Authentication (Basic Auth)

 - HTTP Forms (e.g. Login) with input field of type 'password'
Details:
Cleartext Transmission of Sensitive Information via HTTP
(OID: 1.3.6.1.4.1.25623.1.0.108440)
Version used: $Revision: 10726 $
","","","","https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management, https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure, https://cwe.mitre.org/data/definitions/319.html"
10.10.0.4,METASPLOITABLE3,8020,tcp,4.8,Medium,"Workaround","Cleartext Transmission of Sensitive Information via HTTP","The host / application transmits sensitive information (username, passwords) in
 cleartext via HTTP.","The following input fields where identified (URL:input name):

http://10.10.0.4:8020/configurations.do:j_password",1.3.6.1.4.1.25623.1.0.108440,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,18301a92-3727-418f-83f5-9a72d2630b87,"An attacker could use this situation to compromise or eavesdrop on the
 HTTP communication between the client and the server using a man-in-the-middle attack to get access to
 sensitive data like usernames or passwords.","Enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
 Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before
 allowing to input sensitive data into the mentioned functions.","Hosts / applications which doesn't enforce the transmission of sensitive data via an
 encrypted SSL/TLS connection.","","Evaluate previous collected information and check if the host / application is not
 enforcing the transmission of sensitive data via an encrypted SSL/TLS connection.

 The script is currently checking the following:

 - HTTP Basic Authentication (Basic Auth)

 - HTTP Forms (e.g. Login) with input field of type 'password'
Details:
Cleartext Transmission of Sensitive Information via HTTP
(OID: 1.3.6.1.4.1.25623.1.0.108440)
Version used: $Revision: 10726 $
","","","","https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management, https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure, https://cwe.mitre.org/data/definitions/319.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.6,Medium,"VendorFix","Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)","The host is running Apache HTTP Server and is prone to security bypass
vulnerability.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.803744,"CVE-2012-0031",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,bf0d8c22-fbdc-4b82-9bbe-7999158faf32,"Successful exploitation will allow remote attacker to bypass certain security
restrictions. Other attacks are also possible.","Upgrade to Apache HTTP Server 2.2.22 or later.","Apache HTTP Server version before 2.2.22 on windows.","The flaw is due to an error in 'inscoreboard.c', certain type field within
a scoreboard shared memory segment leading to an invalid call to the free
function.","Get the installed version Apache HTTP Server with the help of detect NVT
and check it is vulnerable or not.
Details:
Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803744)
Version used: $Revision: 11865 $
","Product: cpe:/a:apache:http_server:2.2.21
Method: Apache Web Server Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
","51407","CB-K14/1505, DFN-CERT-2014-1592, DFN-CERT-2012-1276, DFN-CERT-2012-0758, DFN-CERT-2012-0740, DFN-CERT-2012-0568, DFN-CERT-2012-0425, DFN-CERT-2012-0424, DFN-CERT-2012-0387, DFN-CERT-2012-0343, DFN-CERT-2012-0332, DFN-CERT-2012-0306, DFN-CERT-2012-0264, DFN-CERT-2012-0203, DFN-CERT-2012-0188","http://svn.apache.org/viewvc?view=revision&revision=1230065, http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown"
10.10.0.4,METASPLOITABLE3,3389,tcp,4.3,Medium,"Mitigation","SSL/TLS: Report Weak Cipher Suites","This routine reports all Weak SSL/TLS cipher suites accepted by a service.

 NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port 25/tcp is reported.
 If too strong cipher suites are configured for this service the alternative would be to fall back to an even more insecure
 cleartext communication.","'Weak' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA",1.3.6.1.4.1.25623.1.0.103440,"CVE-2013-2566, CVE-2015-2808, CVE-2015-4000",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c216448b-28fa-4cc6-ae79-497d257ed578,"","The configuration of this services should be changed so
 that it does not accept the listed weak cipher suites anymore.

 Please see the references for more resources supporting you with this task.","","These rules are applied for the evaluation of the cryptographic strength:

 - RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808).

 - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods
 and therefore considered as weak (CVE-2015-4000).

 - 1024 bit RSA authentication is considered to be insecure and therefore as weak.

 - Any cipher considered to be secure for only the next 10 years is considered as medium

 - Any other cipher is considered as strong","
Details:
SSL/TLS: Report Weak Cipher Suites
(OID: 1.3.6.1.4.1.25623.1.0.103440)
Version used: $Revision: 11135 $
","","","CB-K17/1750, CB-K16/1593, CB-K16/1552, CB-K16/1102, CB-K16/0617, CB-K16/0599, CB-K16/0168, CB-K16/0121, CB-K16/0090, CB-K16/0030, CB-K15/1751, CB-K15/1591, CB-K15/1550, CB-K15/1517, CB-K15/1514, CB-K15/1464, CB-K15/1442, CB-K15/1334, CB-K15/1269, CB-K15/1136, CB-K15/1090, CB-K15/1059, CB-K15/1022, CB-K15/1015, CB-K15/0986, CB-K15/0964, CB-K15/0962, CB-K15/0932, CB-K15/0927, CB-K15/0926, CB-K15/0907, CB-K15/0901, CB-K15/0896, CB-K15/0889, CB-K15/0877, CB-K15/0850, CB-K15/0849, CB-K15/0834, CB-K15/0827, CB-K15/0802, CB-K15/0764, CB-K15/0733, CB-K15/0667, CB-K14/0935, CB-K13/0942, DFN-CERT-2017-1821, DFN-CERT-2016-1692, DFN-CERT-2016-1648, DFN-CERT-2016-1168, DFN-CERT-2016-0665, DFN-CERT-2016-0642, DFN-CERT-2016-0184, DFN-CERT-2016-0135, DFN-CERT-2016-0101, DFN-CERT-2016-0035, DFN-CERT-2015-1853, DFN-CERT-2015-1679, DFN-CERT-2015-1632, DFN-CERT-2015-1608, DFN-CERT-2015-1542, DFN-CERT-2015-1518, DFN-CERT-2015-1406, DFN-CERT-2015-1341, DFN-CERT-2015-1194, DFN-CERT-2015-1144, DFN-CERT-2015-1113, DFN-CERT-2015-1078, DFN-CERT-2015-1067, DFN-CERT-2015-1038, DFN-CERT-2015-1016, DFN-CERT-2015-1012, DFN-CERT-2015-0980, DFN-CERT-2015-0977, DFN-CERT-2015-0976, DFN-CERT-2015-0960, DFN-CERT-2015-0956, DFN-CERT-2015-0944, DFN-CERT-2015-0937, DFN-CERT-2015-0925, DFN-CERT-2015-0884, DFN-CERT-2015-0881, DFN-CERT-2015-0879, DFN-CERT-2015-0866, DFN-CERT-2015-0844, DFN-CERT-2015-0800, DFN-CERT-2015-0737, DFN-CERT-2015-0696, DFN-CERT-2014-0977","https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k16-1465_update_6.html, https://bettercrypto.org/, https://mozilla.github.io/server-side-tls/ssl-config-generator/"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","PHP SSL Certificate Validation Security Bypass Vulnerability (Windows)","This host is running PHP and is prone to security bypass vulnerability.","Installed version: 5.3.10
Fixed version: 5.4.18/5.5.2",1.3.6.1.4.1.25623.1.0.803739,"CVE-2013-4248",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9b89ac36-c39c-41d0-97b7-7bf366400190,"Successful exploitation will allow remote attackers to spoof the server via
 a MitM (Man-in-the-Middle) attack and disclose potentially sensitive
 information.","Upgrade to PHP version 5.4.18 or 5.5.2 or later.","PHP versions before 5.4.18 and 5.5.x before 5.5.2 on Windows.","The flaw is due to the SSL module not properly handling NULL bytes inside
 'subjectAltNames' general names in the server SSL certificate.","Checks if a vulnerable version is present on the target host.
Details:
PHP SSL Certificate Validation Security Bypass Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803739)
Version used: $Revision: 11865 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","61776","CB-K14/0834, CB-K14/0231, CB-K13/1092, CB-K13/0712, CB-K13/0609, DFN-CERT-2014-0870, DFN-CERT-2013-2127, DFN-CERT-2013-1713, DFN-CERT-2013-1603, DFN-CERT-2013-1538, DFN-CERT-2013-1537","http://secunia.com/advisories/54480, http://www.php.net/ChangeLog-5.php, http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897, http://php.net"
10.10.0.4,METASPLOITABLE3,9200,tcp,4.3,Medium,"VendorFix","Elasticsearch Cross-site Scripting (XSS) Vulnerability (Windows)","This host is running Elasticsearch
 and is prone to Cross-site Scripting (XSS) vulnerability.","Installed version: 1.1.1
Fixed version: 1.4.0.Beta1",1.3.6.1.4.1.25623.1.0.808092,"CVE-2014-6439",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,057f5b01-cd72-4183-a9ea-e1211f736617,"Successful exploitation will allows remote
 attackers to inject arbitrary web script or HTML.","Upgrade to Elasticsearch version 1.4.0.Beta1,
 or later.","Elasticsearch version 1.3.x and prior
 on Windows.","The Flaw is due to an error in the
 CORS functionality.","Checks if a vulnerable version is present on the target host.
Details:
Elasticsearch Cross-site Scripting (XSS) Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808092)
Version used: $Revision: 12431 $
","Product: cpe:/a:elasticsearch:elasticsearch:1.1.1
Method: Elasticsearch and Logstash Detection
(OID: 1.3.6.1.4.1.25623.1.0.105031)
","70233","","https://www.elastic.co/community/security/, http://www.securityfocus.com/archive/1/archive/1/533602/100/0/threaded"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","WampServer < 3.1.5 XSS Vulnerability","WampServer is prone to an XSS vulnerability.","Installed version: 2.2
Fixed version: 3.1.5",1.3.6.1.4.1.25623.1.0.112471,"CVE-2018-1000848",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4c3fe545-6a5a-4b12-8f16-7de7c33dcbfe,"Successful exploitation would allow an attacker to create a crafted link to
 inject arbitrary HTML and JavaScript into the target website.","Update to version 3.1.5.","WampServer before version 3.1.5.","","The script checks if a vulnerable version is present on the target host.
Details:
WampServer < 3.1.5 XSS Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.112471)
Version used: $Revision: 13012 $
","Product: cpe:/a:wampserver:wampserver:2.2
Method: WampServer Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800297)
","","","http://forum.wampserver.com/read.php?2, 153491"
10.10.0.4,METASPLOITABLE3,49269,tcp,4.3,Medium,"Mitigation","SSH Weak Encryption Algorithms Supported","The remote SSH server is configured to allow weak encryption algorithms.","The following weak client-to-server encryption algorithms are supported by the remote service:

3des-cbc
aes128-cbc
blowfish-cbc


The following weak server-to-client encryption algorithms are supported by the remote service:

3des-cbc
aes128-cbc
blowfish-cbc",1.3.6.1.4.1.25623.1.0.105611,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,42d7b252-9d6b-458d-a2d7-4c97d525f120,"","Disable the weak encryption algorithms.","","The `arcfour` cipher is the Arcfour stream cipher with 128-bit keys.
 The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems
 with weak keys, and should not be used anymore.

 The `none` algorithm specifies that no encryption is to be done.
 Note that this method provides no confidentiality protection, and it
 is NOT RECOMMENDED to use it.

 A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext.","Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details:
SSH Weak Encryption Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105611)
Version used: $Revision: 4490 $
","","","","https://tools.ietf.org/html/rfc4253#section-6.3, https://www.kb.cert.org/vuls/id/958563"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"Workaround","WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability (Windows)","This host is running WordPress and is prone to a security-bypass vulnerability.","Installed version: 4.6.1
Fixed version: None",1.3.6.1.4.1.25623.1.0.108156,"CVE-2017-8295",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,f08a8874-9160-4c91-8725-161d4d24d66a,"Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions.
 This may aid in further attacks.","No known solution was made available for at least one year since the disclosure of this vulnerability.
 Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the
 product or replace the product by another one.

 A workaround is to enable UseCanonicalName to enforce static SERVER_NAME value.","WordPress versions 4.7.4 and prior.","The flaws exist because WordPress relies on the Host HTTP header for a password-reset e-mail message,
 which makes it easier for user-assisted remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword
 request and then arranging for this e-mail to bounce or be resent, leading to transmission of the reset key to a mailbox on an
 attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in
 conjunction with the PHP mail function.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability (Window...
(OID: 1.3.6.1.4.1.25623.1.0.108156)
Version used: $Revision: 11982 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","98295","","https://www.exploit-db.com/exploits/41963/, https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html, http://www.securityfocus.com/bid/98295, https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","WordPress Multiple Vulnerabilities-Jan 2018 (Windows)","This host is running WordPress and is prone
 to multiple vulnerabilities.","Installed version: 4.6.1
Fixed version: 4.9.2",1.3.6.1.4.1.25623.1.0.812507,"CVE-2018-5776",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,20a71c58-404d-4b53-91b0-d96b998d1552,"Successful exploitation will allow remote
 attackers to conduct cross site scripting attacks.","Upgrade to WordPress version 4.9.2 or later.","WordPress versions prior to 4.9.2 on Windows","An XSS flaw exists in the Flash fallback
 files in MediaElement, a library that is included with WordPress. Because
 the Flash files are no longer needed for most use cases, they have been
 removed from WordPress.

 21 other bugs were fixed in WordPress 4.9.2:

 - JavaScript errors that prevented saving posts in Firefox have been fixed.

 - The previous taxonomy-agnostic behavior of get_category_link() and
 category_description() was restored.

 - Switching themes will now attempt to restore previous widget assignments,
 even when there are no sidebars to map.","Checks if a vulnerable version is present on the target host.
Details:
WordPress Multiple Vulnerabilities-Jan 2018 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812507)
Version used: $Revision: 12116 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","","https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/, https://codex.wordpress.org/Version_4.9.2"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","PHP Cross-Site Scripting Vulnerability - Aug16 (Windows)","This host is installed with PHP and is prone
 to cross-site scripting (XSS) vulnerability.","Installed version: 5.3.10
Fixed version: 5.4.38",1.3.6.1.4.1.25623.1.0.808799,"CVE-2015-8935",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,c073b497-f03b-4677-8a74-8ef4537de820,"Successfully exploiting this issue allows
 remote attackers to conduct cross-site scripting (XSS) attacks against
 Internet Explorer by leveraging '%0A%20' or '%0D%0A%20' mishandling in
 the header function.","Upgrade to PHP version 5.4.38, or 5.5.22,
 or 5.6.6, or later.","PHP versions before 5.4.38, 5.5.x before
 5.5.22, and 5.6.x before 5.6.6 on Windows","The flaw is due to the 'sapi_header_op'
 function in 'main/SAPI.c' script supports deprecated line folding without
 considering browser compatibility.","Checks if a vulnerable version is present on the target host.
Details:
PHP Cross-Site Scripting Vulnerability - Aug16 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.808799)
Version used: $Revision: 12149 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","92356","CB-K16/1614, CB-K16/1257, CB-K16/1230, CB-K16/1179, CB-K16/1106, CB-K16/1030, DFN-CERT-2016-1719, DFN-CERT-2016-1335, DFN-CERT-2016-1295, DFN-CERT-2016-1253, DFN-CERT-2016-1178, DFN-CERT-2016-1097","https://bugs.php.net/bug.php?id=68978, http://www.php.net"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","WordPress Ninja Forms Plugin XSS Vulnerability","Ninja Forms plugin for WordPress is prone to a cross-site scripting (XSS) vulnerability.","Installed version: 2.9.42
Fixed version: 3.2.14",1.3.6.1.4.1.25623.1.0.112239,"CVE-2018-7280",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,47e50e67-6f84-490c-a6f4-f0006b303eae,"","Upgrade to version 3.2.14 or later.","WordPress Ninja Forms plugin before version 3.2.14.","","Checks if a vulnerable version is present on the target host.
Details:
WordPress Ninja Forms Plugin XSS Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.112239)
Version used: $Revision: 11156 $
","Product: cpe:/a:wordpress:wordpress:4.6.1
Method: WordPress Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900182)
","","","https://wordpress.org/plugins/ninja-forms/#developers"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","Apache HTTP Server mod_dav_svn Denial of Service Vulnerability (Windows)","The host is running Apache HTTP Server and is prone to denial of service
vulnerability.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.803743,"CVE-2013-1896",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b13b2e95-39bd-4d3d-80c6-d4e9d96a431b,"Successful exploitation will allow remote attacker to cause a denial of
service (segmentation fault) via a MERGE request in which the URI is
configured for handling by the mod_dav_svn module.","Upgrade to Apache HTTP Server 2.2.25 or later.","Apache HTTP Server version before 2.2.25 on windows.","The flaw is due to an error in 'mod_dav.c', It does not properly determine
whether DAV is enabled for a URI.","Get the installed version Apache HTTP Server with the help of detect NVT
and check it is vulnerable or not.
Details:
Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.803743)
Version used: $Revision: 11865 $
","Product: cpe:/a:apache:http_server:2.2.21
Method: Apache Web Server Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
","61129","CB-K15/0960, CB-K14/1568, CB-K14/1095, CB-K14/0231, CB-K13/1009, CB-K13/0600, DFN-CERT-2015-1008, DFN-CERT-2014-1668, DFN-CERT-2014-1145, DFN-CERT-2013-2027, DFN-CERT-2013-1587, DFN-CERT-2013-1503, DFN-CERT-2013-1464, DFN-CERT-2013-1463, DFN-CERT-2013-1456","http://www.apache.org/dist/httpd/Announcement2.2.html, http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?view=log"
10.10.0.4,METASPLOITABLE3,8282,tcp,4.3,Medium,"VendorFix","Apache Tomcat Open Redirect Vulnerability (Windows)","When the default servlet in Apache Tomcat returned a redirect to a directory
(e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attackers choice.","Installed version: 8.0.33
Fixed version: 8.5.34",1.3.6.1.4.1.25623.1.0.141569,"CVE-2018-11784",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,7204650a-eaec-4a55-816b-83accf82f1ba,"","Update to version 7.0.91, 8.5.34, 9.0.12 or later.","Apache Tomcat 9.0.0.M1-9.0.11, 8.5.0-8.5.33, 7.0.23-7.0.90 and probably
8.0.x.","","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat Open Redirect Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.141569)
Version used: $Revision: 13032 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","","CB-K19/0050, CB-K18/0963, DFN-CERT-2019-0147, DFN-CERT-2019-0104, DFN-CERT-2018-2435, DFN-CERT-2018-2165, DFN-CERT-2018-2142, DFN-CERT-2018-2000","http://tomcat.apache.org/security-9.html, http://tomcat.apache.org/security-8.html, http://tomcat.apache.org/security-7.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","PHP main/SAPI.c HTTP Header Injection Vulnerability","This host is running PHP and is prone to HTTP header injection
 vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.11/5.4.1 RC1",1.3.6.1.4.1.25623.1.0.802966,"CVE-2012-4388, CVE-2011-1398",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,d0c006e4-3dbb-418e-83c3-ceab1256f90b,"Successful exploitation could allows remote attackers to insert arbitrary
 headers, conduct cross-site request-forgery, cross-site scripting,
 HTML-injection, and other attacks.","Upgrade to PHP 5.4.1 RC1 or later.","PHP version prior to 5.3.11, PHP version 5.4.x through 5.4.0RC2 on Windows","The sapi_header_op function in main/SAPI.c in PHP does not properly determine
 a pointer during checks for %0D sequences.","
Details:
PHP 'main/SAPI.c' HTTP Header Injection Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.802966)
Version used: $Revision: 11857 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","55527, 55297","CB-K13/1037, CB-K13/0712, DFN-CERT-2013-2065, DFN-CERT-2013-1713, DFN-CERT-2013-1494, DFN-CERT-2013-1444, DFN-CERT-2013-0357, DFN-CERT-2012-1840, DFN-CERT-2012-1789, DFN-CERT-2012-1775, DFN-CERT-2012-1772","http://openwall.com/lists/oss-security/2012/09/02/1, http://openwall.com/lists/oss-security/2012/09/07/3, http://article.gmane.org/gmane.comp.php.devel/70584, http://openwall.com/lists/oss-security/2012/09/05/15, http://security-tracker.debian.org/tracker/CVE-2012-4388, http://www.php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","PHP PHAR Error Page Reflected XSS And DoS Vulnerabilities (Windows)","This host is installed with PHP and is prone
 to cross site scripting and denial of service vulnerabilities.","Installed version: 5.3.10
Fixed version: 5.6.33
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.812732,"CVE-2018-5712, CVE-2018-5711",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,365942c2-8bc9-4995-806f-43f145f946dc,"Successfully exploiting this issue allows
 attacker to execute arbitrary script code in the browser of an unsuspecting
 user in the context of the affected site. This may allow the attacker to
 steal cookie-based authentication credentials and to launch other attacks
 and will also lead to a denial of service and exhausting the server resources.","Upgrade to PHP version 5.6.33, 7.0.27,
 7.1.13 or 7.2.1 or later.","PHP versions before 5.6.33, 7.0.x before
 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1","Multiple flaws are due to,

 - An input validation error on the PHAR 404 error page via the URI of a request
 for a .phar file.

 - An integer signedness error in gd_gif_in.c in the GD Graphics Library
 (aka libgd).","Checks if a vulnerable version is present on the target host.
Details:
PHP 'PHAR' Error Page Reflected XSS And DoS Vulnerabilities (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.812732)
Version used: $Revision: 12120 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K18/0498, CB-K18/0270, CB-K18/0188, CB-K18/0174, DFN-CERT-2018-1739, DFN-CERT-2018-0835, DFN-CERT-2018-0733, DFN-CERT-2018-0576, DFN-CERT-2018-0537, DFN-CERT-2018-0290, DFN-CERT-2018-0205, DFN-CERT-2018-0191","http://php.net/ChangeLog-5.php, http://php.net/ChangeLog-7.php, https://bugs.php.net/bug.php?id=74782, https://bugs.php.net/bug.php?id=75571, http://www.php.net"
10.10.0.4,METASPLOITABLE3,3000,tcp,4.3,Medium,"VendorFix","Ruby on Rails Active Support Cross Site Scripting Vulnerability (Windows)","This host is running Ruby on Rails and is
 prone to cross site scripting vulnerability.","Installed version: 4.1.1
Fixed version: 4.1.11",1.3.6.1.4.1.25623.1.0.807381,"CVE-2015-3226",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,78d275a4-7e16-4260-8212-60bcae85cdc9,"Successful exploitation will allow a remote
 attacker to inject arbitrary web script or HTML via crafted parameters.","Upgrade to Ruby on Rails 4.2.2, 4.1.11 or later.","Ruby on Rails versions 3.x, 3.0.x,
 3.1.x, 3.2.x, 4.1.x before 4.1.11, 4.2.x before 4.2.2 on Linux","The flaw is due to error in handling
 'ActiveSupport::JSON.encode' method which can lead to an XSS attack.","Checks if a vulnerable version is present on the target host.
Details:
Ruby on Rails Active Support Cross Site Scripting Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.807381)
Version used: $Revision: 12051 $
","Product: cpe:/a:ruby-lang:ruby:2.3.3
Method: Ruby on Rails Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.902089)
","","CB-K16/0166, CB-K15/0856, DFN-CERT-2016-0181, DFN-CERT-2015-0899","http://openwall.com/lists/oss-security/2015/06/16/17, https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ, http://rubyonrails.org"
10.10.0.4,METASPLOITABLE3,8282,tcp,4.3,Medium,"VendorFix","Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Windows)","This host is installed with Apache Tomcat
 and is prone to an multiple access bypass vulnerabilities.","Installed version: 8.0.33
Fixed version: 8.0.50
Installation
path / port: /",1.3.6.1.4.1.25623.1.0.812784,"CVE-2018-1305, CVE-2018-1304",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,77dba7fd-c515-435e-b50c-fa099b6ed030,"Successfully exploiting these issues will allow
 remote attackers to bypass security constraints to access ostensibly restricted
 resources on the target system.","Upgrade to Apache Tomcat version 9.0.5,
 8.5.28, 8.0.50, 7.0.85 or later.","Apache Tomcat versions 9.0.0.M1 to 9.0.4

 Apache Tomcat versions 8.5.0 to 8.5.27

 Apache Tomcat versions 8.0.0.RC1 to 8.0.49

 Apache Tomcat versions 7.0.0 to 7.0.84 on Windows.","Multiple flaws are due to,

 - The system does not properly enforce security constraints that defined by
 annotations of Servlets in certain cases, depending on the order that Servlets
 are loaded.

 - The URL pattern of '' (the empty string) which exactly maps to the context
 root was not correctly handled when used as part of a security constraint
 definition.","Checks if a vulnerable version is present on the target host.
Details:
Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabi...
(OID: 1.3.6.1.4.1.25623.1.0.812784)
Version used: $Revision: 12410 $
","Product: cpe:/a:apache:tomcat:8.0.33
Method: Apache Tomcat Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800371)
","103144, 103170","CB-K18/1007, CB-K18/1006, CB-K18/1005, CB-K18/0790, CB-K18/0420, CB-K18/0349, DFN-CERT-2018-2165, DFN-CERT-2018-2142, DFN-CERT-2018-2125, DFN-CERT-2018-2103, DFN-CERT-2018-1753, DFN-CERT-2018-1407, DFN-CERT-2018-1274, DFN-CERT-2018-1253, DFN-CERT-2018-1038, DFN-CERT-2018-0922, DFN-CERT-2018-0733, DFN-CERT-2018-0455, DFN-CERT-2018-0378","http://tomcat.apache.org/security-9.html, http://tomcat.apache.org/security-8.html, http://tomcat.apache.org/security-7.html, https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E"
10.10.0.4,METASPLOITABLE3,8585,tcp,4.3,Medium,"VendorFix","Apache HTTP Server httpOnly Cookie Information Disclosure Vulnerability","This host is running Apache HTTP Server and is prone to cookie
 information disclosure vulnerability.","Vulnerability was detected according to the Vulnerability Detection Method.",1.3.6.1.4.1.25623.1.0.902830,"CVE-2012-0053",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e2cb90eb-ae1b-45c3-835a-f308ae1db86a,"Successful exploitation will allow attackers to obtain sensitive information
 that may aid in further attacks.","Upgrade to Apache HTTP Server version 2.2.22 or later.","Apache HTTP Server versions 2.2.0 through 2.2.21","The flaw is due to an error within the default error response for
 status code 400 when no custom ErrorDocument is configured, which can be
 exploited to expose 'httpOnly' cookies.","
Details:
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.902830)
Version used: $Revision: 11857 $
","","51706","CB-K15/0080, CB-K14/1505, CB-K14/0608, DFN-CERT-2015-0082, DFN-CERT-2014-1592, DFN-CERT-2014-0635, DFN-CERT-2013-1307, DFN-CERT-2012-1276, DFN-CERT-2012-1112, DFN-CERT-2012-0928, DFN-CERT-2012-0758, DFN-CERT-2012-0744, DFN-CERT-2012-0568, DFN-CERT-2012-0425, DFN-CERT-2012-0424, DFN-CERT-2012-0387, DFN-CERT-2012-0343, DFN-CERT-2012-0332, DFN-CERT-2012-0306, DFN-CERT-2012-0264, DFN-CERT-2012-0203, DFN-CERT-2012-0188","http://secunia.com/advisories/47779, http://www.exploit-db.com/exploits/18442, http://rhn.redhat.com/errata/RHSA-2012-0128.html, http://httpd.apache.org/security/vulnerabilities_22.html, http://svn.apache.org/viewvc?view=revision&revision=1235454, http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html"
10.10.0.4,METASPLOITABLE3,8383,tcp,4.0,Medium,"Mitigation","SSL/TLS: Certificate Signed Using A Weak Signature Algorithm","The remote service is using a SSL/TLS certificate in the certificate chain that has been signed using a
 cryptographically weak hashing algorithm.","The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: 1.2.840.113549.1.9.1=#737570706F7274406465736B746F7063656E7472616C2E636F6D,CN=Desktop Central,OU=ManageEngine,O=Zoho Corporation,L=Pleasanton,ST=CA,C=US
Signature Algorithm: sha1WithRSAEncryption",1.3.6.1.4.1.25623.1.0.105880,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,14043d76-30f9-4720-805a-e2d42db856a7,"","Servers that use SSL/TLS certificates signed with a weak SHA-1, MD5, MD4 or MD2 hashing algorithm will need to obtain new
 SHA-2 signed SSL/TLS certificates to avoid web browser SSL/TLS certificate warnings.","","The following hashing algorithms used for signing SSL/TLS certificates are considered cryptographically weak
 and not secure enough for ongoing use:

 - Secure Hash Algorithm 1 (SHA-1)

 - Message Digest 5 (MD5)

 - Message Digest 4 (MD4)

 - Message Digest 2 (MD2)

 Beginning as late as January 2017 and as early as June 2016, browser developers such as Microsoft and Google will begin warning users when visiting
 web sites that use SHA-1 signed Secure Socket Layer (SSL) certificates.

 NOTE: The script preference allows to set one or more custom SHA-1 fingerprints of CA certificates which are trusted by this routine. The fingerprints
 needs to be passed comma-separated and case-insensitive:

 Fingerprint1

 or

 fingerprint1,Fingerprint2","Check which hashing algorithm was used to sign the remote SSL/TLS certificate.
Details:
SSL/TLS: Certificate Signed Using A Weak Signature Algorithm
(OID: 1.3.6.1.4.1.25623.1.0.105880)
Version used: $Revision: 8810 $
","","","","https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/"
10.10.0.4,METASPLOITABLE3,3389,tcp,4.0,Medium,"Mitigation","SSL/TLS: Certificate Signed Using A Weak Signature Algorithm","The remote service is using a SSL/TLS certificate in the certificate chain that has been signed using a
 cryptographically weak hashing algorithm.","The following certificates are part of the certificate chain but using insecure signature algorithms:

Subject: CN=metasploitable3-win2k8
Signature Algorithm: sha1WithRSAEncryption",1.3.6.1.4.1.25623.1.0.105880,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,5c374a93-c553-4efc-a0a1-9165d3baca60,"","Servers that use SSL/TLS certificates signed with a weak SHA-1, MD5, MD4 or MD2 hashing algorithm will need to obtain new
 SHA-2 signed SSL/TLS certificates to avoid web browser SSL/TLS certificate warnings.","","The following hashing algorithms used for signing SSL/TLS certificates are considered cryptographically weak
 and not secure enough for ongoing use:

 - Secure Hash Algorithm 1 (SHA-1)

 - Message Digest 5 (MD5)

 - Message Digest 4 (MD4)

 - Message Digest 2 (MD2)

 Beginning as late as January 2017 and as early as June 2016, browser developers such as Microsoft and Google will begin warning users when visiting
 web sites that use SHA-1 signed Secure Socket Layer (SSL) certificates.

 NOTE: The script preference allows to set one or more custom SHA-1 fingerprints of CA certificates which are trusted by this routine. The fingerprints
 needs to be passed comma-separated and case-insensitive:

 Fingerprint1

 or

 fingerprint1,Fingerprint2","Check which hashing algorithm was used to sign the remote SSL/TLS certificate.
Details:
SSL/TLS: Certificate Signed Using A Weak Signature Algorithm
(OID: 1.3.6.1.4.1.25623.1.0.105880)
Version used: $Revision: 8810 $
","","","","https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/"
10.10.0.4,METASPLOITABLE3,8443,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 768 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b1fcd81d-7387-4b73-825f-5c33700cc297,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,8383,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 1024 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,3d5aa2fa-b0a6-4362-a43f-fb73494a6934,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,8181,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 1024 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,b97cec7d-6df3-4b2d-886c-41253420da46,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,8031,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 768 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,fbadaf51-519c-448e-ba39-8c3e9969343c,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,4848,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 1024 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,93774517-a744-4838-96d7-064213358430,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,3920,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 1024 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,245fb39a-8e18-4477-8327-d9a63457f4ee,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,3820,tcp,4.0,Medium,"Workaround","SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability","The SSL/TLS service uses Diffie-Hellman groups with insufficient strength
 (key size < 2048).","Server Temporary Key Size: 1024 bits",1.3.6.1.4.1.25623.1.0.106223,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,2aecafd2-dc99-4a86-9538-7ecb11e23ee0,"An attacker might be able to decrypt the SSL/TLS communication offline.","Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use
 a 2048-bit or stronger Diffie-Hellman group (see the references).

 For Apache Web Servers:
 Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.","","The Diffie-Hellman group are some big numbers that are used as base for
 the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size
 of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
 powerful attackers like governments.","Checks the DHE temporary public key size.
Details:
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerab...
(OID: 1.3.6.1.4.1.25623.1.0.106223)
Version used: $Revision: 12865 $
","","","","https://weakdh.org/, https://weakdh.org/sysadmin.html"
10.10.0.4,METASPLOITABLE3,8585,tcp,3.5,Low,"VendorFix","WampServer 3.1.1 XSS Vulnerability","WampServer is prone to an XSS vulnerability.","Installed version: 2.2
Fixed version: 3.1.2",1.3.6.1.4.1.25623.1.0.113139,"CVE-2018-8732",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e1244bdb-7344-4049-ade3-882bfae21010,"Successful exploitation would allow an attacker to create a crafted link to
 inject arbitrary HTML and JavaScript into the target website.","Update to version 3.1.2.","WampServer through version 3.1.1.","The XSS is possible through the virtual_del parameter.","The script checks if a vulnerable version is present on the target host.
Details:
WampServer 3.1.1 XSS Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.113139)
Version used: $Revision: 12216 $
","Product: cpe:/a:wampserver:wampserver:2.2
Method: WampServer Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800297)
","","","http://forum.wampserver.com/read.php?2, 138295, 150615, page=6#msg-150615"
10.10.0.4,METASPLOITABLE3,8484,tcp,3.5,Low,"Workaround","Jenkins 2.93 XSS Vulnerability (Windows)","Jenkins through 2.93 is prone to an XSS vulnerability.","Installed version: 1.637
Fixed version: Workaround",1.3.6.1.4.1.25623.1.0.113064,"CVE-2017-17383",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,e064770a-6d3c-4c82-9613-a69e7c4a93a7,"Successful exploitation would allow an authenticated attacker to expose other users to malicious code.","Please refer to the vendor advisory for a workaround.","Jenkins through version 2.93","An authenticated attacker can use a crafted tool name in a job configuration form to conduct XSS attacks.","The script checks if the vulnerable version is present on the target host.
Details:
Jenkins 2.93 XSS Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.113064)
Version used: $Revision: 12761 $
","Product: cpe:/a:jenkins:jenkins:1.637
Method: Jenkins CI Detection
(OID: 1.3.6.1.4.1.25623.1.0.111001)
","","","https://jenkins.io/security/advisory/2017-12-05/"
10.10.0.4,METASPLOITABLE3,8585,tcp,3.3,Low,"VendorFix","PHP Symlink Attack Vulnerability (Windows)","This host is installed with PHP and is prone
 to symlink attack vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.29",1.3.6.1.4.1.25623.1.0.809735,"CVE-2014-3981",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,9c49b818-b740-4cca-bc00-ff03f606b3b2,"Successfully exploiting this issue allows local
 users to overwrite arbitrary files via a symlink attack on the
 '/tmp/phpglibccheck' file.","Update to PHP version 5.5.14 or 5.4.30
 or 5.3.29 or later.","PHP versions 5.5.x before 5.5.14, 5.4.x
 before 5.4.30, 5.3.x before 5.3.29 on Windows","The flaw is due to insecure temporary file
 use in the configure script.","Checks if a vulnerable version is present on the target host.
Details:
PHP Symlink Attack Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809735)
Version used: $Revision: 12313 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","67837","CB-K15/0493, CB-K14/1174, CB-K14/1110, CB-K14/0805, DFN-CERT-2014-1166, DFN-CERT-2014-0839","http://php.net/ChangeLog-5.php, https://bugs.php.net/bug.php?id=67390, http://seclists.org/fulldisclosure/2014/Jun/21, http://www.php.net"
10.10.0.4,METASPLOITABLE3,49269,tcp,2.6,Low,"Mitigation","SSH Weak MAC Algorithms Supported","The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.","The following weak client-to-server MAC algorithms are supported by the remote service:

hmac-md5
hmac-md5-96
hmac-sha1-96


The following weak server-to-client MAC algorithms are supported by the remote service:

hmac-md5
hmac-md5-96
hmac-sha1-96",1.3.6.1.4.1.25623.1.0.105610,"NOCVE",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,cdc069b4-0c0a-4531-89f3-50d4e9e07f04,"","Disable the weak MAC algorithms.","","","
Details:
SSH Weak MAC Algorithms Supported
(OID: 1.3.6.1.4.1.25623.1.0.105610)
Version used: $Revision: 4490 $
","","","",""
10.10.0.4,METASPLOITABLE3,8585,tcp,2.6,Low,"VendorFix","PHP pdo_sql_parser.re PDO extension DoS vulnerability (Windows)","This host is installed with PHP and is prone denial of service
 vulnerability.","Installed version: 5.3.10
Fixed version: 5.3.14/5.4.4",1.3.6.1.4.1.25623.1.0.802670,"CVE-2012-3450",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,4dc7bd28-67ac-4395-99d3-07f9d87679d9,"Successful exploitation could allow remote attackers to cause a denial of
 service condition.","Upgrade to PHP Version 5.3.14 or 5.4.4 or later.","PHP version before 5.3.14 and 5.4.x before 5.4.4 on Windows","The flaw is due to an error in the PDO extension in pdo_sql_parser.re
 file, which fails to determine the end of the query string during parsing of
 prepared statements.","
Details:
PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.802670)
Version used: $Revision: 11857 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","54777","DFN-CERT-2012-1654, DFN-CERT-2012-1560","http://seclists.org/bugtraq/2012/Jun/60, http://www.php.net/ChangeLog-5.php, https://bugs.php.net/bug.php?id=61755, https://bugzilla.novell.com/show_bug.cgi?id=769785, http://php.net/downloads.php"
10.10.0.4,METASPLOITABLE3,8585,tcp,1.9,Low,"VendorFix","PHP Security Bypass Vulnerability May18 (Windows)","The host is installed with php and is prone
 to security bypass vulnerability.","Installed version: 5.3.10
Fixed version: 5.6.35
Installation
path / port: 8585/tcp",1.3.6.1.4.1.25623.1.0.813161,"CVE-2018-10545",4ab81797-a9bf-44a9-a9f2-6cc5c1a5cba9,"metasploitable 3(windows)",2019-01-30T12:08:34Z,92a6f9ea-0a10-4f3c-aea2-e753e10764ff,"Successful exploitation will allow an attacker
 to bypass security restrictions and access sensitive configuration data for
 other accounts directly in the PHP worker process's memory.","Upgrade to version 7.2.4 or 7.0.29 or
 5.6.35 or 7.1.16 or later. For updates refer to Reference links.","PHP versions prior to 5.6.35,

 PHP versions 7.2.x prior to 7.2.4,

 PHP versions 7.0.x prior to 7.0.29,

 PHP versions 7.1.x prior to 7.1.16 on Windows.","The flaw exists as the dumpable FPM child
 processes allow bypassing opcache access controls","Checks if a vulnerable version is present on the target host.
Details:
PHP Security Bypass Vulnerability May18 (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.813161)
Version used: $Revision: 12120 $
","Product: cpe:/a:php:php:5.3.10
Method: PHP Version Detection (Remote)
(OID: 1.3.6.1.4.1.25623.1.0.800109)
","","CB-K18/0633, DFN-CERT-2018-1232, DFN-CERT-2018-0920, DFN-CERT-2018-0877","http://www.php.net/ChangeLog-5.php#5.6.35, http://www.php.net/ChangeLog-7.php#7.0.29, http://www.php.net/ChangeLog-7.php#7.1.16, http://www.php.net/ChangeLog-7.php#7.2.4"