Apache Log4j SEoL (<= 1.x)
According to its version, Apache Log4j is less than or equal to 1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Nessus Scan Information
This plugin displays, for each tested host, information about the scan itself: - The version of the plugin set. - The type of scanner (Nessus or Nessus Home). - The version of the Nessus Engine. - The port scanners used. - The port range scanned. - The ping round trip time. - Whether credentialed o...
SNMP Agent Default Community Names
It is possible to obtain the default community names of the remote SNMP server. An attacker can use this information to gain more knowledge about the remote host or to change the configuration of the remote system if the default community allows such modifications.
Microsoft Windows Guest Account Belongs to a Group
Using the supplied credentials, Nessus was able to determine that the 'Guest' user belongs to groups other than 'Guests' (RID 546) or 'Domain Guests' (RID 514). Guest users should not have any additional privileges.
Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
According to its banner, the remote host is running a version of Allegro Software RomPager 4.07 to 4.33. It is, therefore, affected by multiple vulnerabilities : - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative...
Oracle Java SE 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2 Multiple Vulnerabilities (Unix July 2021 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 301, 8 Update 291, 11 Update 11, or 16 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory: - Vulnerability in the Java SE,...
SMB Use Host SID to Enumerate Local Users Without Credentials
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system, without credentials.
Web Server HTTP Header Information Disclosure
The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server.
SSH Commands Require Privilege Escalation
This plugin reports the SSH commands that failed with a response indicating that privilege escalation is required to run them. Either privilege escalation credentials were not provided, or the command failed to run with the provided privilege escalation credentials. NOTE: Due to limitations...
DNS Server Cache Snooping Remote Information Disclosure
The remote DNS server responds to queries for third-party domains that do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. For instance, if an attacke...
HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)
According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.6. It is, therefore, affected by the following vulnerabilities: - A heap buffer overflow condition exists in OpenSSL in the EVP_EncodeUpdate function within file...
Oracle WebLogic Server Multiple Vulnerabilities (Oct 2020 CPU)
The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory. - An unspecified vulnerability exists in the Console component. An unauthenticated, remote attacker with network access via HTTP can exploit this iss...
ISC BIND Allow-Recursion Vulnerability
According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.12, 9.10.7, 9.11.3, 9.12.0 prior to or equal to 9.12.1-P2, development release 9.13.0, 9.9.12-S1, 9.11.3-S1, or 9.11.3-S2. It is, therefore, affected by an allow-recursion vulnerability whi...
Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities : - A flaw exists in Jython due to executable classes being created with insecure permissions. A local attacker can exploit this to bypass intended access restrictions and thereby disclose...
RHEL 9 : compat-openssl11 (RHSA-2022:4899)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:4899 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)
According to its banner, the version of FileZilla Server running on the remote host is prior to 0.9.44. It is, therefore, affected by an information disclosure vulnerability. An information disclosure flaw exists with the OpenSSL included with FileZilla Server. A remote attacker could read the...
Target Credential Status by Authentication Protocol - Failure for Provided Credentials
Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...
ManageEngine OpManager Default Credentials
The remote ManageEngine OpManager web administration interface uses a known set of hard-coded default credentials. An attacker can use these to gain administrative access to the remote host.
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software fails to sanitize user-supplied input to the 'configdir' parameter of the 'awstats.pl' script. An attacker may exploit this condition to execute commands...
The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190. Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.
Web Server HTTP Header Memory Exhaustion DoS
It was possible to kill the web server by sending an invalid 'infinite' HTTP request that never ends, like: GET / HTTP/1.0 Referer: XXXXXXXXXXXXXXXXXXXXXXXX ... An attacker may exploit this vulnerability to make your web server crash continually if the attack saturates virtual memory on the targe...
SMTP Server Non-standard Port Detection
This SMTP server is running on a non-standard port. This might be a backdoor set up by attackers to send spam or even take control of a targeted machine.
PHP 7.0.x < 7.0.33 Multiple vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.33. It is, therefore, affected by multiple vulnerabilities: - An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing...
MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (January 2018 CPU)
The version of MySQL running on the remote host is 5.5.x prior to 5.5.59. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...
Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure
The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions o...
MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to execute code remotely.
Dragonfly CMS install.php newlang Parameter Local File Inclusion
The remote host appears to be running Dragonfly / CPG-Nuke CMS, a content management system written in PHP. The installed version of Dragonfly / CPG-Nuke CMS fails to validate user input to the 'getlang' parameter as well as the 'installlang' cookie before using them in the 'install.php' script i...
PHP 7.4.x < 7.4.30 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 7.4.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 7.4.30 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplyi...
OpenSSH >= 2.3.0 AllowTcpForwarding Port Bouncing
According to its banner, the remote host is running OpenSSH, version 2.3.0 or later. Such versions of OpenSSH allow forwarding TCP connections. If the OpenSSH server is configured to allow anonymous connections (e.g. AnonCVS), remote, unauthenticated users could use the host as a proxy.
RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1297 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.0.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.30 advisory. - In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR...
KB 3137909: Vulnerabilities in ASP.NET Templates Could Allow Tampering
The remote Windows host has a version of Visual Studio installed that has ASP.NET MVC5 or ASP.NET MVC6 project templates that are affected by a cross-site request forgery (XSRF) vulnerability. ASP.NET projects built from these templates will be affected by the XSRF vulnerability.
Web Server Uses Basic Authentication Without HTTPS
The remote web server contains web pages that are protected by 'Basic' authentication over cleartext. An attacker eavesdropping the traffic might obtain logins and passwords of valid users.
Microsoft Windows Installed Hotfixes
Using the supplied credentials, Nessus was unable to log into the remote Windows host, enumerate installed hotfixes, or store them in its knowledge base for other plugins to use.
PHP 7.4.x < 7.4.28
The version of PHP installed on the remote host is prior to 7.4.28. It is, therefore, affected by a vulnerability as referenced in the Version 7.4.28 advisory. - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT...
PHP 7.2 < 7.2.34 / 7.3.x < 7.3.23 / 7.4.x < 7.4.11 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - A weak cryptography vulnerability exists in PHP's openssl_encrypt...
Apache .htaccess and .htpasswd Disclosure
The Apache server does not properly restrict access to .htaccess and/or .htpasswd files. A remote unauthenticated attacker can download these files and potentially uncover important information.
Apache Tomcat 9.0.35 < 9.0.58 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.58. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.58_security-9 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to...
SSL Cipher Suites Supported
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications. TRUSTED...
TLS Version 1.1 Deprecated Protocol
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1. As of March 31, 2020, Endpoints that...
Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)
The remote Windows host is missing a security update or a registry setting required to enable protections for CVE-2017-8529. It is, therefore, affected by an information disclosure vulnerability: - An information disclosure vulnerability exists when affected Microsoft scripting engines do not...
Security Updates for Microsoft SQL Server 2016 and 2017 x64 (August 2018)
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by buffer overflow vulnerability that could allow remote code execution on an affected system. An attacker who successfully exploited the vulnerability could execute code in the context of the SQL Server...
Multiple Vendor DNS Query ID Field Prediction Cache Poisoning
The remote DNS resolver does not use random ports when making queries to third-party DNS servers. An unauthenticated, remote attacker can exploit this to poison the remote DNS server, allowing the attacker to divert legitimate traffic to arbitrary sites.
MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) (uncredentialed check)
The version of Windows running on the remote host is affected by an integer overflow condition in the HTTP protocol stack (HTTP.sys) due to improper parsing of crafted HTTP requests. An unauthenticated, remote attacker can exploit this to execute arbitrary code with System privileges.
Windows PrintNightmare Registry Exposure CVE-2021-34527 OOB Security Update RCE (July 2021)
A remote command execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges. The remote system is not fully secure as the point and print...
Apache 2.4.x < 2.4.27 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.27. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder in Proxy-Authorizatio...
Multiple Mail Server EXPN/VRFY Information Disclosure
The remote SMTP server answers to the EXPN and/or VRFY commands. The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account. Your mailer should not allow remote users to u...
NFS Share User Mountable
Nessus was either able to mount some of the NFS shares exported by the remote server or disclose potentially sensitive information such as a directory listing. An attacker may exploit this issue to gain read and possibly write access to files on remote host. Note that root privileges were not...
PHP 8.0.x < 8.0.28 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.28, 8.1.x prior to 8.1.16, or 8.2.x prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) attack due to insufficient validation of...
Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities
The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to...