ISS ICEcap Default Password
The ICEcap package has a default login of 'iceman' with no password. An attacker may use this fact to log into the console and/or push false alerts on port 8082. In addition to this, an attacker may inject code in ICEcap v2.0.23 and below.
Target Credential Issues by Authentication Protocol - Intermittent Authentication Failure
Nessus was able to successfully authenticate to the remote host on an authentication protocol at least once using credentials provided in the scan policy. However, one or more plugins failed to authenticate to the remote host on the same port and protocol using the same credential set that was...
HSTS Missing From HTTPS Server (RFC 6797)
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens...
F5 BIG-IP Cookie Remote Information Disclosure
The remote host appears to be an F5 BIG-IP load balancer. The load balancer encodes the IP address of the actual web server that it is acting on behalf of within a cookie. Additionally, information after 'BIGipServer' is configured by the user and may be the logical name of the device. These valu...
Oracle WebLogic Java Object Deserialization RCE
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute...
Security Updates for Microsoft .NET Framework (August 2020)
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An...
Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
The remote Windows host and/or Samba server supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, most security and compliance agencies...
Fortinet FortiOS SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) (Direct Check)
The remote host is running a version of FortiOS 5.6.3 prior to 5.6.8 or 6.0.x prior to 6.0.5. It is, therefore, affected by a directory traversal vulnerability in the SSL VPN web portal, due to improper sanitization of path traversal characters in URLs. An unauthenticated, remote attacker can...
SSL/TLS EXPORT_DHE <= 512-bit Export Cipher Suites Supported (Logjam)
The remote host supports EXPORT_DHE cipher suites with keys less than or equal to 512 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time. A man-in-the-middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is...
Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075) (remote check)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and according to its self-reported version in the banner, it is running Intel manageability firmware version 6.x prior to 6.2.61.3535, 7.x prior to 7.1.91.3272, 8.x prior to 8.1.71.3608, 9.0.x or 9.1.x...
MySQL 5.6.x < 5.6.41 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.41. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...
MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
The remote Windows host is affected by a security feature bypass vulnerability that can lead to a bypass of the 'IP Address and Domain Restrictions' filtering rules. Successful exploitation of this vulnerability by a remote attacker allows clients from restricted or blocked domains to gain access...
Apache HTTP Server Byte Range DoS
The version of Apache HTTP Server running on the remote host is affected by a denial of service vulnerability. Making a series of HTTP requests with overlapping ranges in the Range or Request-Range request headers can result in memory and CPU exhaustion. A remote, unauthenticated attacker could...
SSL Cipher Block Chaining Cipher Suites Supported
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
SMB Registry : Start the Registry Service during the scan
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start it for the duration of the scan. You need to explicitly enable this option for this plugin to work: 'Start the Remote...
MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability
The remote networking device is running a version of MikroTik RouterOS vulnerable to an unauthenticated arbitrary file read and write vulnerability. An unauthenticated attacker could leverage this vulnerability to read or write protected files on the affected host. Nessus was able to exploit this...
Web Application Potentially Vulnerable to Clickjacking
The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area...
Data Dynamics ActiveBar ActiveX Controls Code Execution
One or more of the Data Dynamics ActiveBar ActiveX controls installed on the remote Windows host is affected by a code execution vulnerability due to unspecified issues in the 'Save', 'SaveLayoutChanges', 'SaveMenuUsageData', and 'SetLayoutData' methods. Note that Data Dynamics ActiveBar is bundl...
Microsoft Patch Bulletin Feasibility Check
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates. Note that this plugin is purely informational.
Web Server Generic Cookie Injection
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to inject arbitrary cookies. Depending on the structure of the web application, it may be possible to launch a 'session fixation'...
nginx < 1.17.7 Information Disclosure
According to its Server response header, the installed version of nginx is prior to 1.17.7. It is, therefore, affected by an information disclosure vulnerability.
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check)
The remote x509 certificate on the remote SSL server has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library. The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL. An...
OpenSSH < 9.3p2 Vulnerability
The version of OpenSSH installed on the remote host is prior to 9.3p2. It is, therefore, affected by a vulnerability as referenced in the release-9.3p2 advisory. - Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote cod...
Linux Kernel TCP Sequence Number Generation Security Weakness
The Linux kernel is prone to a security weakness related to TCP sequence number generation. Attackers can exploit this issue to inject arbitrary packets into TCP sessions using a brute-force attack. An attacker may use this vulnerability to create a denial of service condition or a...
X Server Detection
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client. Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.
VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)
The remote VMware ESXi host is version 5.5 prior to build 3029944. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute...
OpenSSH < 7.3 Multiple Vulnerabilities
According to its banner, the version of OpenSSH running on the remote host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities : - A local privilege escalation when the UseLogin feature is enabled and PAM is configured to read .pam_environment files from home directories...
Default Password (infoblox) for 'admin' Account
The account 'admin' on the remote host has the password 'infoblox'. An attacker may leverage this issue to gain total control of the affected system.
OpenSSH PCI Disputed Vulnerabilities.
According to its banner, the version of OpenSSH running on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Apache Multiviews Arbitrary Directory Listing
The Apache web server running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, by sending a crafted request, to display a listing of a remote directory, even if a valid index file exists in the directory. For Apache w...
Hydra: LDAP
This plugin runs Hydra to find LDAP accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block.
Oracle WebLogic Server Multiple Vulnerabilities (April 2017 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts component due to improper handling of multithreaded access to an ActionForm instance. An unauthenticated, remote attacke...
Debian OpenSSH/OpenSSL Package Random Number Generator Weakness
The remote SSH host key has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library. The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL. An attacker can easily obtain the...
Microsoft Windows Unquoted Service Path Enumeration
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. Note that this is a generic test that will flag...
SMTP Service Cleartext Login Permitted
The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 Cumulative Update
The remote Windows host is missing security update KB4022715. It is, therefore, affected by multiple vulnerabilities : - Multiple security bypass vulnerabilities exist in Device Guard. A local attacker can exploit these, via a specially crafted script, to bypass the Device Guard Code Integrity...
Network Time Protocol (NTP) Server Detection
An NTP server is listening on port 123. If not securely configured, it may provide information about its version, current date, current time, and possibly system information.
Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key
The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.
PHP 8.0.x < 8.0.29
The version of PHP installed on the remote host is prior to 8.0.29. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.29 advisory. - In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value...
Ping the remote host
Nessus was able to determine if the remote host is alive using one or more of the following ping types : - An ARP ping, provided the host is on the local subnet and Nessus is running over Ethernet. - An ICMP ping. - A TCP ping, in which the plugin sends to the remote host a packet with the flag...
Security Update for Microsoft Office Products (April 2017) (Petya)
The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in Microsoft Outlook due to improper parsing of...
Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)
The version of Apache Struts running on the remote host is 2.3.5 through 2.3.31 or else 2.5.x prior to 2.5.10.1. It is, therefore, affected by a remote code execution vulnerability in the Jakarta Multipart parser due to improper handling of the Content-Type, Content-Disposition, and Content-Lengt...
TCP/IP Initial Sequence Number (ISN) Reuse Weakness
The remote host seems to generate Initial Sequence Numbers (ISN) in a weak manner which seems to solely depend on the source and destination port of the TCP packets. An attacker may exploit this flaw to establish spoofed connections to the remote host. The Raptor Firewall and Novell NetWare are known to b...
Oracle WebLogic Server Deserialization RCE (CVE-2018-2893)
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context ...
Security Updates for Microsoft SQL Server (June 2022)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
BigTree CMS index.php SQL Injection
The BigTree CMS install hosted on the remote web server fails to sanitize user-supplied input to the application's 'site/index.php' script before using it in a database query. An unauthenticated attacker may be able to exploit this issue to manipulate database queries, leading to disclosure of...
Nessus Windows Scan Not Performed with Admin Privileges
The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, however these credentials do not have administrative privileges. Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host ...
Hydra: MS SQL
This plugin runs Hydra to find MS SQL passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block.
Apache Tomcat 8.5.0 < 8.5.40 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.40_security-8 advisory. - When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1...
JQuery UI < 1.13.2 XSS
The version of JQuery UI library hosted on the remote web server is prior to 1.13.2. It is, therefore, affected by a cross-site scripting vulnerability in the JQuery UI that allows remote attackers to inject arbitrary web script or HTML via processing the value of a compromised checkboxradio...