
Nmap

a guest
May 22nd, 2019
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <!DOCTYPE nmaprun>
  3. <?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
  4. <!-- Nmap 7.70 scan initiated Wed May 22 14:37:45 2019 as: nmap -&#45;script vulscan -sV -oX report.xml 10.0.4.9 -->
  <!-- Reviewer note: the command line recorded above ran service/version detection (-sV) plus the
       "vulscan" script against a single IPv4 target and wrote this report with -oX. The
       xml-stylesheet instruction is only a rendering hint that points at a file:// path on the
       scanning machine; it will not resolve elsewhere. When loading a report like this into other
       tooling, parse it as untrusted input: keep DTD and external-entity resolution disabled and
       do not fetch a stylesheet named by the document itself. -->
  5. <nmaprun scanner="nmap" args="nmap -&#45;script vulscan -sV -oX report.xml 10.0.4.9" start="1558532265" startstr="Wed May 22 14:37:45 2019" version="7.70" xmloutputversion="1.04">
  <!-- Scope of this run: a TCP SYN scan of the 1000 ports enumerated in "services". UDP and any
       TCP port outside that list were not probed, so a port that does not appear in the results
       below is "not tested", not "closed". -->
  6. <scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,520
0,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
  <!-- Verbosity and debugging output were both left at level 0 for this run. -->
  7. <verbose level="0"/>
  8. <debugging level="0"/>
  9. <host starttime="1558532266" endtime="1558532291"><status state="up" reason="echo-reply" reason_ttl="63"/>
  <!-- The target is a single IPv4 address in the 10.0.0.0/8 private range; the empty hostnames
       element means no name was recorded for it in this report. -->
  10. <address addr="10.0.4.9" addrtype="ipv4"/>
  11. <hostnames>
  12. </hostnames>
  <!-- 997 of the probed ports answered with a TCP reset and are summarised here as closed; the
       ports not counted in this summary are listed individually in the port elements that
       follow. -->
  13. <ports><extraports state="closed" count="997">
  14. <extrareasons reason="resets" count="997"/>
  15. </extraports>
  <!-- Port 21/tcp: version detection reports vsftpd 2.3.5 (method="probed", conf="10"). The
       vulscan output in the script element is a list of database entries, not a set of verified
       findings. It appears to be matched on the product name rather than on the detected
       version: it includes entries scoped to other releases (for example "up to 2.0.4",
       "before 2.3.3" and "2.3.4") and to other software such as a Webmin module. Triage each
       line against the detected version and the vendor or distribution patch level before
       treating it as applicable to this host. -->
  16. <port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ftp" product="vsftpd" version="2.3.5" ostype="Unix" method="probed" conf="10"><cpe>cpe:/a:vsftpd:vsftpd:2.3.5</cpe></service><script id="vulscan" output="scip VulDB - http://www.scip.ch/en/?vuldb:&#xa;[43110] vsftpd up to 2.0.4 Memory Leak denial of service&#xa;&#xa;MITRE CVE - http://cve.mitre.org:&#xa;[CVE-2011-0762] The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.&#xa;&#xa;OSVDB - http://www.osvdb.org:&#xa;[73573] vsftpd on vsftpd.beasts.org Trojaned Distribution&#xa;[73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS&#xa;[61362] Vsftpd Webmin Module Unspecified Issues&#xa;[46930] Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS&#xa;[45626] vsftpd deny_file Option Crafted FTP Data Remote Memory Exhaustion DoS&#xa;[36515] BlockHosts sshd/vsftpd hosts.allow Arbitrary Deny Entry Manipulation&#xa;[28610] vsftpd SIGURG Handler Unspecified Issue&#xa;[28609] vsftpd tunable_chroot_local_user Filesystem Root Access&#xa;[6861] vsftpd Login Error Message Username Enumeration&#xa;[6306] vsftpd Connection Handling DoS&#xa;[4564] vsftpd on Red Hat Linux Restricted Access Failure&#xa;&#xa;SecurityFocus - http://www.securityfocus.com/bid/:&#xa;[82285] Vsftpd CVE-2004-0042 Remote Security Vulnerability&#xa;[72451] vsftpd CVE-2015-1419 Security Bypass Vulnerability&#xa;[51013] vsftpd &apos;__tzfile_read()&apos; Function Heap Based Buffer Overflow Vulnerability&#xa;[48539] vsftpd Compromised Source Packages Backdoor Vulnerability&#xa;[46617] vsftpd FTP Server &apos;ls.c&apos; Remote Denial of Service Vulnerability&#xa;[41443] Vsftpd Webmin Module Multiple Unspecified 
Vulnerabilities&#xa;[30364] vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability&#xa;[29322] vsftpd FTP Server &apos;deny_file&apos; Option Remote Denial of Service Vulnerability&#xa;[10394] Vsftpd Listener Denial of Service Vulnerability&#xa;[7253] Red Hat Linux 9 vsftpd Compiling Error Weakness&#xa;&#xa;SecurityTracker - http://www.securitytracker.com:&#xa;[1025186] vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service&#xa;[1020546] vsftpd Memory Leak When Invalid Authentication Attempts Occur Lets Remote Authenticated Users Deny Service&#xa;[1020079] vsftpd Memory Leak in &apos;deny_file&apos; Option Lets Remote Authenticated Users Deny Service&#xa;[1008628] vsftpd Discloses Whether Usernames are Valid or Not&#xa;&#xa;IBM X-Force - http://xforce.iss.net:&#xa;[68366] vsftpd package backdoor&#xa;[65873] vsftpd vsf_filename_passes_filter denial of service&#xa;[55148] VSFTPD-WEBMIN-MODULE unknown unspecified&#xa;[43685] vsftpd authentication attempts denial of service&#xa;[42593] vsftpd deny_file denial of service&#xa;[16222] vsftpd connection denial of service&#xa;[14844] vsftpd message allows attacker to obtain username&#xa;[11729] Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server&#xa;&#xa;Exploit-DB - http://www.exploit-db.com:&#xa;[17491] VSFTPD 2.3.4 - Backdoor Command Execution&#xa;[16270] vsftpd 2.3.2 - Denial of Service Vulnerability&#xa;&#xa;OpenVAS (Nessus) - http://www.openvas.org:&#xa;[70770] Gentoo Security Advisory GLSA 201110-07 (vsftpd)&#xa;[70399] Debian Security Advisory DSA 2305-1 (vsftpd)&#xa;&#xa;"/></port>
  17. <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="ssh" product="OpenSSH" version="5.9p1 Debian 5ubuntu1.10" extrainfo="Ubuntu Linux; protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:5.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="vulscan" output="scip VulDB - http://www.scip.ch/en/?vuldb:&#xa;[80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption&#xa;[80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure&#xa;[4584] OpenSSH up to 5.7 auth-options.c information disclosure&#xa;[4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption&#xa;&#xa;MITRE CVE - http://cve.mitre.org:&#xa;[CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite.  NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.&#xa;[CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.  
NOTE: there may be limited scenarios in which this issue is relevant.&#xa;[CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.&#xa;[CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.&#xa;[CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.&#xa;[CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.&#xa;[CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact.  
NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points.  As of 20080827, no unofficial distributions of this software are known.&#xa;[CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.&#xa;[CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.&#xa;&#xa;OSVDB - http://www.osvdb.org:&#xa;[92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass&#xa;[90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation&#xa;[90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS&#xa;[81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS&#xa;[78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure&#xa;[75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure&#xa;[75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS&#xa;[75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS&#xa;[72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure&#xa;[70873] OpenSSH Legacy Certificates Stack Memory Disclosure&#xa;[69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication 
Bypass&#xa;[67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow&#xa;[59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness&#xa;[58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation&#xa;[56921] OpenSSH Unspecified Remote Compromise&#xa;[53021] OpenSSH on ftp.openbsd.org Trojaned Distribution&#xa;[50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure&#xa;[49386] OpenSSH sshd TCP Connection State Remote Account Enumeration&#xa;[48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access&#xa;[47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution&#xa;[47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking&#xa;[45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS&#xa;[43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution&#xa;[43745] OpenSSH X11 Forwarding Local Session Hijacking&#xa;[43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass&#xa;[39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection&#xa;[37315] pam_usb OpenSSH Authentication Unspecified Issue&#xa;[34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS&#xa;[34601] OPIE w/ OpenSSH Account Enumeration&#xa;[34600] OpenSSH S/KEY Authentication Account Enumeration&#xa;[32721] OpenSSH Username Password Complexity Account Enumeration&#xa;[30232] OpenSSH Privilege Separation Monitor Weakness&#xa;[29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS&#xa;[29266] OpenSSH GSSAPI Authentication Abort Username Enumeration&#xa;[29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution&#xa;[29152] OpenSSH Identical Block Packet DoS&#xa;[27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS&#xa;[23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS&#xa;[22692] OpenSSH scp Command Line Filename Processing Command 
Injection&#xa;[20216] OpenSSH with KerberosV Remote Authentication Bypass&#xa;[19142] OpenSSH Multiple X11 Channel Forwarding Leaks&#xa;[19141] OpenSSH GSSAPIAuthentication Credential Escalation&#xa;[18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass&#xa;[16567] OpenSSH Privilege Separation LoginGraceTime DoS&#xa;[16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS&#xa;[9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness&#xa;[9550] OpenSSH scp Traversal Arbitrary File Overwrite&#xa;[6601] OpenSSH *realloc() Unspecified Memory Errors&#xa;[6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow&#xa;[6073] OpenSSH on FreeBSD libutil Arbitrary File Read&#xa;[6072] OpenSSH PAM Conversation Function Stack Modification&#xa;[6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation&#xa;[5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass&#xa;[5408] OpenSSH echo simulation Information Disclosure&#xa;[5113] OpenSSH NIS YP Netgroups Authentication Bypass&#xa;[4536] OpenSSH Portable AIX linker Privilege Escalation&#xa;[3938] OpenSSL and OpenSSH /dev/random Check Failure&#xa;[3456] OpenSSH buffer_append_space() Heap Corruption&#xa;[2557] OpenSSH Multiple Buffer Management Multiple Overflows&#xa;[2140] OpenSSH w/ PAM Username Validity Timing Attack&#xa;[2112] OpenSSH Reverse DNS Lookup Bypass&#xa;[2109] OpenSSH sshd Root Login Timing Side-Channel Weakness&#xa;[1853] OpenSSH Symbolic Link &apos;cookies&apos; File Removal&#xa;[839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow&#xa;[781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow&#xa;[730] OpenSSH Channel Code Off by One Remote Privilege Escalation&#xa;[688] OpenSSH UseLogin Environment Variable Local Command Execution&#xa;[642] OpenSSH Multiple Key Type ACL Bypass&#xa;[504] OpenSSH SSHv2 Public Key Authentication Bypass&#xa;[341] OpenSSH UseLogin Local Privilege Escalation&#xa;&#xa;SecurityFocus 
- http://www.securityfocus.com/bid/:&#xa;[102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities&#xa;[101552] OpenSSH &apos;sftp-server.c&apos; Remote Security Bypass Vulnerability&#xa;[94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability&#xa;[94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability&#xa;[94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability&#xa;[94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability&#xa;[93776] OpenSSH &apos;ssh/kex.c&apos; Denial of Service Vulnerability&#xa;[92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability&#xa;[92210] OpenSSH CBC Padding Weak Encryption Security Weakness&#xa;[92209] OpenSSH MAC Verification Security Bypass Vulnerability&#xa;[91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability&#xa;[90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability&#xa;[90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability&#xa;[89385] OpenSSH CVE-2005-2666 Local Security Vulnerability&#xa;[88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability&#xa;[88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability&#xa;[88367] OpenSSH CVE-1999-1010 Local Security Vulnerability&#xa;[87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability&#xa;[86187] OpenSSH &apos;session.c&apos; Local Security Bypass Vulnerability&#xa;[86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability&#xa;[84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability&#xa;[84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability&#xa;[84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability&#xa;[81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability&#xa;[80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability&#xa;[80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability&#xa;[76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability&#xa;[76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities&#xa;[75990] OpenSSH Login 
Handling Security Bypass Weakness&#xa;[75525] OpenSSH &apos;x11_open_helper()&apos; Function Security Bypass Vulnerability&#xa;[71420] Portable OpenSSH &apos;gss-serv-krb5.c&apos; Security Bypass Vulnerability&#xa;[68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities&#xa;[66459] OpenSSH Certificate Validation Security Bypass Vulnerability&#xa;[66355] OpenSSH &apos;child_set_env()&apos; Function Security Bypass Vulnerability&#xa;[65674] OpenSSH &apos;ssh-keysign.c&apos; Local Information Disclosure Vulnerability&#xa;[65230] OpenSSH &apos;schnorr.c&apos; Remote Memory Corruption Vulnerability&#xa;[63605] OpenSSH &apos;sshd&apos; Process Remote Memory Corruption Vulnerability&#xa;[61286] OpenSSH Remote Denial of Service Vulnerability&#xa;[58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability&#xa;[58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability&#xa;[54114] OpenSSH &apos;ssh_gssapi_parse_ename()&apos; Function Denial of Service Vulnerability&#xa;[51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability&#xa;[50416] Linux Kernel &apos;kdump&apos; and &apos;mkdumprd&apos; OpenSSH Integration Remote Information Disclosure Vulnerability&#xa;[49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness&#xa;[48507] OpenSSH &apos;pam_thread()&apos; Remote Buffer Overflow Vulnerability&#xa;[47691] Portable OpenSSH &apos;ssh-keysign&apos; Local Unauthorized Access Vulnerability&#xa;[46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability&#xa;[45304] OpenSSH J-PAKE Security Bypass Vulnerability&#xa;[36552] Red Hat Enterprise Linux OpenSSH &apos;ChrootDirectory&apos; Option Local Privilege Escalation Vulnerability&#xa;[32319] OpenSSH CBC Mode Information Disclosure Vulnerability&#xa;[30794] Red Hat OpenSSH Backdoor Vulnerability&#xa;[30339] OpenSSH &apos;X11UseLocalhost&apos; X11 Forwarding Session Hijacking Vulnerability&#xa;[30276] Debian OpenSSH SELinux Privilege Escalation 
Vulnerability&#xa;[28531] OpenSSH ForceCommand Command Execution Weakness&#xa;[28444] OpenSSH X Connections Session Hijacking Vulnerability&#xa;[26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness&#xa;[25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability&#xa;[23601] OpenSSH S/Key Remote Information Disclosure Vulnerability&#xa;[20956] OpenSSH Privilege Separation Key Signature Weakness&#xa;[20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness&#xa;[20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness&#xa;[20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability&#xa;[20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability&#xa;[16892] OpenSSH Remote PAM Denial Of Service Vulnerability&#xa;[14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability&#xa;[14729] OpenSSH GSSAPI Credential Disclosure Vulnerability&#xa;[14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability&#xa;[11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability&#xa;[9986] RCP, OpenSSH SCP Client File Corruption Vulnerability&#xa;[9040] OpenSSH PAM Conversation Memory Scrubbing Weakness&#xa;[8677] Multiple Portable OpenSSH PAM Vulnerabilities&#xa;[8628] OpenSSH Buffer Mismanagement Vulnerabilities&#xa;[7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability&#xa;[7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness&#xa;[7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability&#xa;[7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness&#xa;[6168] OpenSSH Visible Password Vulnerability&#xa;[5374] OpenSSH Trojan Horse Vulnerability&#xa;[5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities&#xa;[4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability&#xa;[4241] OpenSSH Channel Code Off-By-One Vulnerability&#xa;[3614] OpenSSH 
UseLogin Environment Variable Passing Vulnerability&#xa;[3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability&#xa;[3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability&#xa;[3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability&#xa;[2917] OpenSSH PAM Session Evasion Vulnerability&#xa;[2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability&#xa;[2356] OpenSSH Private Key Authentication Check Vulnerability&#xa;[1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability&#xa;[1334] OpenSSH UseLogin Vulnerability&#xa;&#xa;SecurityTracker - http://www.securitytracker.com:&#xa;[1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code&#xa;[1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information&#xa;[1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code&#xa;[1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges&#xa;[1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users&#xa;[1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges&#xa;[1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases&#xa;[1020891] OpenSSH on Debian Lets Remote Users Prevent Logins&#xa;[1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised&#xa;[1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions&#xa;[1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands&#xa;[1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases&#xa;[1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service&#xa;[1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged 
Process&#xa;[1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution&#xa;[1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames&#xa;[1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service&#xa;[1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service&#xa;[1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service&#xa;[1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases&#xa;[1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases&#xa;[1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases&#xa;[1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services&#xa;[1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code&#xa;[1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code&#xa;[1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users&#xa;[1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users&#xa;[1004818] OpenSSH&apos;s Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks&#xa;[1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System&#xa;[1004391] OpenSSH &apos;BSD_AUTH&apos; Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System&#xa;[1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions&#xa;[1003758] OpenSSH Off-by-one &apos;Channels&apos; Bug May Let Authorized Remote Users 
Execute Arbitrary Code with Root Privileges&#xa;[1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access&#xa;[1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted&#xa;[1002734] OpenSSH&apos;s S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts&#xa;[1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations&#xa;[1002432] OpenSSH&apos;s Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server&#xa;[1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies&#xa;&#xa;IBM X-Force - http://xforce.iss.net:&#xa;[83258] GSI-OpenSSH auth-pam.c security bypass&#xa;[82781] OpenSSH time limit denial of service&#xa;[82231] OpenSSH pam_ssh_agent_auth PAM code execution&#xa;[74809] OpenSSH ssh_gssapi_parse_ename denial of service&#xa;[72756] Debian openssh-server commands information disclosure&#xa;[68339] OpenSSH pam_thread buffer overflow&#xa;[67264] OpenSSH ssh-keysign unauthorized access&#xa;[65910] OpenSSH remote_glob function denial of service&#xa;[65163] OpenSSH certificate information disclosure&#xa;[64387] OpenSSH J-PAKE security bypass&#xa;[63337] Cisco Unified Videoconferencing OpenSSH weak security&#xa;[46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure&#xa;[45202] OpenSSH signal handler denial of service&#xa;[44747] RHEL OpenSSH backdoor&#xa;[44280] OpenSSH PermitRootLogin information disclosure&#xa;[44279] OpenSSH sshd weak security&#xa;[44037] OpenSSH sshd SELinux role unauthorized access&#xa;[43940] OpenSSH X11 forwarding information disclosure&#xa;[41549] OpenSSH ForceCommand directive security bypass&#xa;[41438] OpenSSH sshd session 
hijacking&#xa;[40897] OpenSSH known_hosts weak security&#xa;[40587] OpenSSH username weak security&#xa;[37371] OpenSSH username data manipulation&#xa;[37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed&#xa;[37112] RHSA update for OpenSSH signal handler race condition not installed&#xa;[37107] RHSA update for OpenSSH identical block denial of service not installed&#xa;[36637] OpenSSH X11 cookie privilege escalation&#xa;[35167] OpenSSH packet.c newkeys[mode] denial of service&#xa;[34490] OpenSSH OPIE information disclosure&#xa;[33794] OpenSSH ChallengeResponseAuthentication information disclosure&#xa;[32975] Apple Mac OS X OpenSSH denial of service&#xa;[32387] RHSA-2006:0738 updates for openssh not installed&#xa;[32359] RHSA-2006:0697 updates for openssh not installed&#xa;[32230] RHSA-2006:0298 updates for openssh not installed&#xa;[32132] RHSA-2006:0044 updates for openssh not installed&#xa;[30120] OpenSSH privilege separation monitor authentication verification weakness&#xa;[29255] OpenSSH GSSAPI user enumeration&#xa;[29254] OpenSSH signal handler race condition&#xa;[29158] OpenSSH identical block denial of service&#xa;[28147] Apple Mac OS X OpenSSH nonexistent user login denial of service&#xa;[25116] OpenSSH OpenPAM denial of service&#xa;[24305] OpenSSH SCP shell expansion command execution&#xa;[22665] RHSA-2005:106 updates for openssh not installed&#xa;[22117] OpenSSH GSSAPI allows elevated privileges&#xa;[22115] OpenSSH GatewayPorts security bypass&#xa;[20930] OpenSSH sshd.c LoginGraceTime denial of service&#xa;[19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service&#xa;[17213] OpenSSH allows port bouncing attacks&#xa;[16323] OpenSSH scp file overwrite&#xa;[13797] OpenSSH PAM information leak&#xa;[13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack&#xa;[13264] OpenSSH PAM code could allow an attacker to gain access&#xa;[13215] OpenSSH buffer management errors 
could allow an attacker to execute code&#xa;[13214] OpenSSH memory vulnerabilities&#xa;[13191] OpenSSH large packet buffer overflow&#xa;[12196] OpenSSH could allow an attacker to bypass login restrictions&#xa;[11970] OpenSSH could allow an attacker to obtain valid administrative account&#xa;[11902] OpenSSH PAM support enabled information leak&#xa;[9803] OpenSSH &amp;quot&#xa;[9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse&#xa;[9307] OpenSSH is running on the system&#xa;[9169] OpenSSH &amp;quot&#xa;[8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow&#xa;[8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database&#xa;[8383] OpenSSH off-by-one error in channel code&#xa;[7647] OpenSSH UseLogin option arbitrary code execution&#xa;[7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions&#xa;[7598] OpenSSH with Kerberos allows attacker to gain elevated privileges&#xa;[7179] OpenSSH source IP access control bypass&#xa;[6757] OpenSSH &amp;quot&#xa;[6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files&#xa;[6084] OpenSSH 2.3.1 allows remote users to bypass authentication&#xa;[5517] OpenSSH allows unauthorized access to resources&#xa;[4646] OpenSSH UseLogin option allows remote users to execute commands as root&#xa;&#xa;Exploit-DB - http://www.exploit-db.com:&#xa;[21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)&#xa;[21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)&#xa;[21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability&#xa;[21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability&#xa;[20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability&#xa;[17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit&#xa;[14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow&#xa;[6094] Debian OpenSSH Remote SELinux Privilege 
Elevation Exploit (auth)&#xa;[3303] Portable OpenSSH &lt;= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit&#xa;[2444] OpenSSH &lt;= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit&#xa;[1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service&#xa;[258] glibc-2.2 and openssh-2.3.0p1 exploits glibc =&gt; 2.1.9x&#xa;[26] OpenSSH/PAM &lt;= 3.6.1p1 Remote Users Ident (gossh.sh)&#xa;[25] OpenSSH/PAM &lt;= 3.6.1p1 Remote Users Discovery Tool&#xa;&#xa;OpenVAS (Nessus) - http://www.openvas.org:&#xa;[902488] OpenSSH &apos;sshd&apos; GSSAPI Credential Disclosure Vulnerability&#xa;[900179] OpenSSH CBC Mode Information Disclosure Vulnerability&#xa;[881183] CentOS Update for openssh CESA-2012:0884 centos6 &#xa;[880802] CentOS Update for openssh CESA-2009:1287 centos5 i386&#xa;[880746] CentOS Update for openssh CESA-2009:1470 centos5 i386&#xa;[870763] RedHat Update for openssh RHSA-2012:0884-04&#xa;[870129] RedHat Update for openssh RHSA-2008:0855-01&#xa;[861813] Fedora Update for openssh FEDORA-2010-5429&#xa;[861319] Fedora Update for openssh FEDORA-2007-395&#xa;[861170] Fedora Update for openssh FEDORA-2007-394&#xa;[861012] Fedora Update for openssh FEDORA-2007-715&#xa;[840345] Ubuntu Update for openssh vulnerability USN-597-1&#xa;[840300] Ubuntu Update for openssh update USN-612-5&#xa;[840271] Ubuntu Update for openssh vulnerability USN-612-2&#xa;[840268] Ubuntu Update for openssh update USN-612-7&#xa;[840259] Ubuntu Update for openssh vulnerabilities USN-649-1&#xa;[840214] Ubuntu Update for openssh vulnerability USN-566-1&#xa;[831074] Mandriva Update for openssh MDVA-2010:162 (openssh)&#xa;[830929] Mandriva Update for openssh MDVA-2010:090 (openssh)&#xa;[830807] Mandriva Update for openssh MDVA-2010:026 (openssh)&#xa;[830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)&#xa;[830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)&#xa;[830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)&#xa;[830191] Mandriva Update 
for openssh MDKSA-2007:236 (openssh)&#xa;[802407] OpenSSH &apos;sshd&apos; Challenge Response Authentication Buffer Overflow Vulnerability&#xa;[103503] openssh-server Forced Command Handling Information Disclosure Vulnerability&#xa;[103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness&#xa;[103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability&#xa;[100584] OpenSSH X Connections Session Hijacking Vulnerability&#xa;[100153] OpenSSH CBC Mode Information Disclosure Vulnerability&#xa;[66170] CentOS Security Advisory CESA-2009:1470 (openssh)&#xa;[65987] SLES10: Security update for OpenSSH&#xa;[65819] SLES10: Security update for OpenSSH&#xa;[65514] SLES9: Security update for OpenSSH&#xa;[65513] SLES9: Security update for OpenSSH&#xa;[65334] SLES9: Security update for OpenSSH&#xa;[65248] SLES9: Security update for OpenSSH&#xa;[65218] SLES9: Security update for OpenSSH&#xa;[65169] SLES9: Security update for openssh,openssh-askpass&#xa;[65126] SLES9: Security update for OpenSSH&#xa;[65019] SLES9: Security update for OpenSSH&#xa;[65015] SLES9: Security update for OpenSSH&#xa;[64931] CentOS Security Advisory CESA-2009:1287 (openssh)&#xa;[61639] Debian Security Advisory DSA 1638-1 (openssh)&#xa;[61030] Debian Security Advisory DSA 1576-2 (openssh)&#xa;[61029] Debian Security Advisory DSA 1576-1 (openssh)&#xa;[60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)&#xa;[60803] Gentoo Security Advisory GLSA 200804-03 (openssh)&#xa;[60667] Slackware Advisory SSA:2008-095-01 openssh &#xa;[59014] Slackware Advisory SSA:2007-255-01 openssh &#xa;[58741] Gentoo Security Advisory GLSA 200711-02 (openssh)&#xa;[57919] Gentoo Security Advisory GLSA 200611-06 (openssh)&#xa;[57895] Gentoo Security Advisory GLSA 200609-17 (openssh)&#xa;[57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))&#xa;[57492] Slackware Advisory SSA:2006-272-02 openssh &#xa;[57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)&#xa;[57476] 
FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)&#xa;[57470] FreeBSD Ports: openssh&#xa;[56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)&#xa;[56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)&#xa;[56294] Slackware Advisory SSA:2006-045-06 openssh &#xa;[53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages &#xa;[53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory &#xa;[53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again &#xa;[53788] Debian Security Advisory DSA 025-1 (openssh)&#xa;[52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)&#xa;[52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)&#xa;[11343] OpenSSH Client Unauthorized Remote Forwarding&#xa;[10954] OpenSSH AFS/Kerberos ticket/token passing&#xa;[10883] OpenSSH Channel Code Off by 1&#xa;[10823] OpenSSH UseLogin Environment Variables&#xa;&#xa;"/></port>
  <!-- Port 80/tcp: open, identified by the version probe as Apache httpd 2.2.22 (Ubuntu).
       The vulscan script correlates the detected product and version strings against
       offline copies of the databases named in its output; it does not test the host.
       The list below includes entries for other products (Apache Struts, Apache James,
       Apache OpenJPA), for Windows-only conditions, and for releases other than 2.2.22,
       so each entry is a candidate to triage, not a confirmed finding.
       NOTE(review): distribution packages commonly carry backported fixes under an
       unchanged upstream version number; confirm the installed Ubuntu package revision
       against the distribution's advisories before reporting any of these. -->
  18. <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/><service name="http" product="Apache httpd" version="2.2.22" extrainfo="(Ubuntu)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.2.22</cpe></service><script id="http-server-header" output="Apache/2.2.22 (Ubuntu)"><elem>Apache/2.2.22 (Ubuntu)</elem>
  19. </script><script id="vulscan" output="scip VulDB - http://www.scip.ch/en/?vuldb:&#xa;[9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure&#xa;[4583] Apache httpd up to 2.2.21 Threaded MPM denial of service&#xa;[4582] Apache httpd up to 2.2.21 protocol.c information disclosure&#xa;[2393] Apache httpd up to 2.2.2 HTTP Header cross site scripting&#xa;&#xa;MITRE CVE - http://cve.mitre.org:&#xa;[CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.&#xa;[CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.&#xa;[CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.&#xa;[CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.&#xa;[CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 
2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.&#xa;[CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.&#xa;[CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.&#xa;[CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.&#xa;[CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.&#xa;[CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.&#xa;[CVE-2012-0021] The 
log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.&#xa;[CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the &quot;len +=&quot; statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.&#xa;[CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions.  
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.&#xa;[CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.&#xa;[CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.&#xa;[CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary &quot;error state&quot; in the backend server) via a malformed HTTP request.&#xa;[CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.&#xa;[CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.&#xa;&#xa;OSVDB - http://www.osvdb.org:&#xa;[20897] PHP w/ Apache 2 SAPI 
virtual() Function Unspecified INI Setting Disclosure&#xa;&#xa;SecurityFocus - http://www.securityfocus.com/bid/:&#xa;[42102] Apache &apos;mod_proxy_http&apos; 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability&#xa;[27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 &apos;mod_status&apos; Cross-Site Scripting Vulnerability&#xa;&#xa;SecurityTracker - http://www.securitytracker.com:&#xa;[1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters&#xa;[1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases&#xa;[1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service&#xa;[1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code&#xa;[1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users&#xa;&#xa;IBM X-Force - http://xforce.iss.net:&#xa;[75211] Debian GNU/Linux apache 2 cross-site scripting&#xa;&#xa;Exploit-DB - http://www.exploit-db.com:&#xa;[28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability&#xa;[31052] Apache &lt;= 2.2.6 &apos;mod_negotiation&apos; HTML Injection and HTTP Response Splitting Vulnerability&#xa;[30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability&#xa;[30835] Apache HTTP Server &lt;= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness&#xa;[27915] Apache James 2.2 SMTP Denial of Service Vulnerability&#xa;[18984] Apache Struts &lt;= 2.2.1.1 - Remote Command Execution&#xa;[17691] Apache Struts &lt; 2.2.0 - Remote Command Execution&#xa;[15319] Apache 2.2 (Windows) Local Denial of Service&#xa;[11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit&#xa;[2237] Apache &lt; 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC&#xa;&#xa;OpenVAS (Nessus) - 
http://www.openvas.org:&#xa;[100858] Apache &apos;mod_proxy_http&apos; 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability&#xa;&#xa;"/></port>
  20. </ports>
  21. <times srtt="698" rttvar="53" to="100000"/>
  22. </host>
  <!-- Run summary: one address scanned, one host reported up, finished in 26.41 seconds
       with exit status "success". The start and finish times are recorded both as epoch
       seconds and as a readable string, which helps when correlating this scan with
       firewall or IDS logs from the same window. -->
  23. <runstats><finished time="1558532291" timestr="Wed May 22 14:38:11 2019" elapsed="26.41" summary="Nmap done at Wed May 22 14:38:11 2019; 1 IP address (1 host up) scanned in 26.41 seconds" exit="success"/><hosts up="1" down="0" total="1"/>
  24. </runstats>
  25. </nmaprun>