Web Vulnerabilities (Level 1 Scan)
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| .htaccess file readable | | CWE-16 | |
| ASP code injection | | CWE-95 | High |
| ASP.NET MVC version disclosure | | CWE-200 | Low |
| ASP.NET application trace enabled | | CWE-16 | Medium |
| ASP.NET debugging enabled | | CWE-16 | Low |
| ASP.NET diagnostic page | | CWE-200 | Medium |
| ASP.NET error message | | CWE-200 | Medium |
| ASP.NET padding oracle vulnerability | CVE-2010-3332 | CWE-310 | High |
| ASP.NET path disclosure | | CWE-200 | Low |
| ASP.NET version disclosure | | CWE-200 | Low |
| AWStats script | | CWE-538 | Medium |
| Access database found | | CWE-538 | Medium |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 | CWE-287 | High |
| Adobe ColdFusion directory traversal | CVE-2013-3336 | CWE-22 | High |
| Adobe Coldfusion 8 multiple linked XSS vulnerabilities | CVE-2009-1872 | CWE-79 | High |
| Adobe Flex 3 DOM-based XSS vulnerability | CVE-2008-2640 | CWE-79 | High |
| AjaxControlToolkit directory traversal | CVE-2015-4670 | CWE-434 | High |
| Akeeba backup access control bypass | | CWE-287 | High |
| AmCharts SWF XSS vulnerability | CVE-2012-1303 | CWE-79 | High |
| Amazon S3 public bucket | | CWE-264 | Medium |
| AngularJS client-side template injection | | CWE-79 | High |
| Apache 2.0.39 Win32 directory traversal | CVE-2002-0661 | CWE-22 | High |
| Apache 2.0.43 Win32 file reading vulnerability | CVE-2003-0017 | CWE-20 | High |
| Apache 2.2.14 mod_isapi Dangling Pointer | CVE-2010-0425 | CWE-20 | High |
| Apache 2.x version equal to 2.0.51 | CVE-2004-0811 | CWE-264 | Medium |
| Apache 2.x version older than 2.0.43 | CVE-2002-0840, CVE-2002-1156 | CWE-538 | Medium |
| Apache 2.x version older than 2.0.45 | CVE-2003-0132 | CWE-400 | Medium |
| Apache 2.x version older than 2.0.46 | CVE-2003-0083, CVE-2003-0134, CVE-2003-0189, CVE-2003-0245 | CWE-20 | Medium |
| Apache 2.x version older than 2.0.47 | CVE-2003-0192, CVE-2003-0253, CVE-2003-0254 | CWE-20 | Medium |
| Apache 2.x version older than 2.0.48 | CVE-2003-0542, CVE-2003-0789 | CWE-119 | Medium |
| Apache 2.x version older than 2.0.49 | CVE-2003-0020, CVE-2004-0113, CVE-2004-0174 | CWE-20 | Medium |
| Apache 2.x version older than 2.0.51 | CVE-2004-0747, CVE-2004-0748, CVE-2004-0751, CVE-2004-0786, CVE-2004-0809 | CWE-119 | Medium |
| Apache 2.x version older than 2.0.55 | CVE-2005-1268, CVE-2005-2088, CVE-2005-2491, CVE-2005-2700, CVE-2005-2728, CVE-2005-2970 | CWE-119 | Medium |
| Apache 2.x version older than 2.0.61 | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847 | CWE-701 | Medium |
| Apache 2.x version older than 2.0.63 | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005 | CWE-79 | Medium |
| Apache 2.x version older than 2.2.10 | CVE-2008-2939, CVE-2010-2791 | CWE-79 | Low |
| Apache 2.x version older than 2.2.3 | CVE-2006-3747 | CWE-189 | Medium |
| Apache 2.x version older than 2.2.6 | CVE-2006-5752, CVE-2007-1862, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847 | CWE-20 | Medium |
| Apache 2.x version older than 2.2.8 | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 | CWE-79 | Medium |
| Apache 2.x version older than 2.2.9 | CVE-2007-6420, CVE-2008-2364 | CWE-399 | Medium |
| Apache Axis2 administration console weak password | | CWE-200 | High |
| Apache Axis2 information disclosure | | CWE-200 | Medium |
| Apache Axis2 web services enumeration | | CWE-200 | Low |
| Apache Axis2 xsd local file inclusion | | CWE-22 | High |
| Apache Geronimo default administrative credentials | | CWE-16 | High |
| Apache JServ protocol service | | CWE-16 | Medium |
| Apache Proxy HTTP CONNECT method enabled | | CWE-16 | Medium |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Apache Solr endpoint | | CWE-16 | Low |
| Apache Struts 2 ClassLoader manipulation and denial of service | CVE-2014-0094 | CWE-701 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service | CVE-2014-0112 | CWE-701 | High |
| Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution | CVE-2013-2251 | CWE-20 | High |
| Apache Struts2 remote code execution vulnerability | CVE-2016-0785 | CWE-78 | High |
| Apache Tomcat "allowLinking" on Case Insensitive Filesystems | | CWE-538 | High |
| Apache Tomcat "allowLinking" on case insensitive filesystems | CVE-2008-2938 | CWE-22 | High |
| Apache Tomcat JK connector security bypass | CVE-2007-1860 | CWE-16 | High |
| Apache Tomcat WAR file directory traversal vulnerability | CVE-2009-2693, CVE-2009-2901 | CWE-22 | Medium |
| Apache Tomcat directory host Appbase authentication bypass vulnerability | CVE-2009-2901 | CWE-264 | Medium |
| Apache Tomcat directory traversal | CVE-2007-0450 | CWE-22 | Medium |
| Apache Tomcat examples directory vulnerabilities | | CWE-264 | Medium |
| Apache Tomcat hello.jsp XSS | CVE-2007-1355 | CWE-79 | Low |
| Apache Tomcat insecure default administrative password | | CWE-284 | High |
| Apache Tomcat sample files | | CWE-538 | Medium |
| Apache Tomcat version older than 4.1.37 | CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461 | CWE-79 | Medium |
| Apache Tomcat version older than 4.1.39 | CVE-2008-0128, CVE-2008-1232, CVE-2008-2370 | CWE-22 | Medium |
| Apache Tomcat version older than 5.5.25 | CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 | CWE-79 | Medium |
| Apache Tomcat version older than 5.5.26 | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 | CWE-264 | Medium |
| Apache Tomcat version older than 5.5.27 | CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 | CWE-22 | Medium |
| Apache Tomcat version older than 6.0.10 | CVE-2007-0450 | CWE-22 | Medium |
| Apache Tomcat version older than 6.0.11 | CVE-2005-2090, CVE-2007-1355 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.14 | CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.16 | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002 | CWE-264 | Medium |
| Apache Tomcat version older than 6.0.18 | CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.35 | CVE-2011-3190, CVE-2011-3375, CVE-2012-0022 | CWE-264 | High |
| Apache Tomcat version older than 6.0.36 | CVE-2012-2733, CVE-2012-3439, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 6.0.6 | CVE-2007-1358 | CWE-79 | Low |
| Apache Tomcat version older than 6.0.9 | CVE-2008-0128 | CWE-16 | Medium |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High |
| Apache Tomcat version older than 7.0.23 | CVE-2012-0022 | CWE-189 | High |
| Apache Tomcat version older than 7.0.28 | CVE-2012-2733, CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 7.0.30 | CVE-2012-3439, CVE-2012-3544, CVE-2012-3546 | CWE-20 | High |
| Apache Tomcat version older than 7.0.32 | CVE-2012-4431 | CWE-264 | High |
| Apache Win32 batch file remote command execution vulnerability | CVE-2002-0061 | CWE-20 | High |
| Apache configured to run as proxy | | CWE-16 | Medium |
| Apache error log escape sequence injection vulnerability | CVE-2003-0020 | CWE-20 | Medium |
| Apache httpOnly cookie disclosure | CVE-2012-0053 | CWE-264 | Medium |
| Apache httpd remote denial of service | CVE-2011-3192 | CWE-399 | Medium |
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache mod_rewrite off-by-one buffer overflow vulnerability | CVE-2006-3747 | CWE-189 | High |
| Apache perl-status enabled | | CWE-200 | Medium |
| Apache server-info enabled | | CWE-200 | Medium |
| Apache server-status enabled | | CWE-200 | Medium |
| Apache solr service exposed | | CWE-16 | High |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Apache version older than 1.3.27 | CVE-2002-0839, CVE-2002-0840, CVE-2002-0843 | CWE-119 | Medium |
| Apache version older than 1.3.28 | CVE-2003-0460 | CWE-20 | Medium |
| Apache version older than 1.3.29 | CVE-2003-0542 | CWE-119 | Medium |
| Apache version older than 1.3.31 | CVE-2003-0020, CVE-2003-0987, CVE-2003-0993, CVE-2004-0174 | CWE-264 | Medium |
| Apache version older than 1.3.34 | CVE-2005-2088 | CWE-20 | Medium |
| Apache version older than 1.3.37 | CVE-2006-3747 | CWE-189 | Medium |
| Apache version older than 1.3.39 | CVE-2006-5752, CVE-2007-3304 | CWE-79 | Medium |
| Apache version older than 1.3.41 | CVE-2007-6388 | CWE-79 | Medium |
| Apache version up to 1.3.33 htpasswd local overflow | CVE-2006-1078 | CWE-119 | Low |
| Application error message | | CWE-200 | Medium |
| Arbitrary file creation | | CWE-20 | High |
| Arbitrary file deletion | | CWE-20 | High |
| Arbitrary file existence disclosure in Action Pack | CVE-2014-7829 | CWE-200 | Medium |
| Arbitrary local file read via file upload | | CWE-200 | High |
| Aspect | | | Low |
| Atlassian Jira DOM-based cross-site scripting vulnerability | | CWE-79 | High |
| BREACH attack | CVE-2013-3587 | CWE-310 | Medium |
| Backup files | | CWE-538 | Medium |
| Barracuda networks products multiple directory traversal vulnerabilities | | CWE-22 | High |
| Bash code injection vulnerability | CVE-2014-6271 | CWE-78 | High |
| Basic authentication over HTTP | | CWE-16 | Medium |
| Bazaar repository found | | CWE-538 | High |
| Blind XSS | | CWE-80 | High |
| Bonjour service running | | CWE-16 | Low |
| Broken links | | CWE-16 | Informational |
| CKEditor 4.0.1 cross-site scripting vulnerability | | CWE-79 | High |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting | | CWE-113 | Medium |
| CVS web repository | | CWE-16 | High |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| Chargen service running | | CWE-16 | Medium |
| Check for apache versions up to 1.3.25, 2.0.38 | CVE-2002-0392 | CWE-119 | High |
| Chrome Logger information disclosure | | CWE-16 | Medium |
| Clickjacking: X-Frame-Options header missing | | CWE-693 | Low |
| Code execution | | CWE-94 | High |
| CodeIgniter 2.1.3 xss_clean() filter bypass | CVE-2013-4891 | CWE-80 | High |
| CodeIgniter session decoding vulnerability | | CWE-16 | High |
| CodeIgniter weak encryption key | | CWE-200 | High |
| ColdFusion 8 FCKEditor file upload vulnerability | CVE-2009-2265 | CWE-22 | High |
| ColdFusion 9 solr service exposed | CVE-2010-0185 | CWE-264 | High |
| ColdFusion User-Agent cross-site scripting | CVE-2007-0817 | CWE-79 | High |
| ColdFusion administrator login page publicly available | | CWE-16 | Low |
| ColdFusion directory traversal | CVE-2010-2861 | CWE-22 | High |
| ColdFusion path disclosure | | CWE-200 | Low |
| Configuration file disclosure | | CWE-538 | High |
| Configuration file source code disclosure | | CWE-538 | High |
| Content type | | | |